Solved Malware causing havoc

I restarted in safe mode. I followed all instructions and rebooted to normal mode. I downloaded the two programs to the desktop. Then, as I was going to run the first program, Firefox started auto scrolling. I closed Firefox and started the first program; upon completion it would not allow me to save the file. The file name was blank and I could not type anything in the box for name. Should I run the programs in safe mode?
 
I ran both programs in safe mode. Here is the log.

MiniToolBox by Farbar
Ran by Harveydf (administrator) on 12-08-2011 at 11:59:32
Windows Vista (TM) Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Harveydf-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-1E-90-66-FE-E3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd1b:ac8c:8e89:88d8%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, August 12, 2011 11:45:52 AM
Lease Expires . . . . . . . . . . : Saturday, August 13, 2011 11:45:52 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 201334416
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-D9-20-8F-00-1E-90-64-0C-48
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c57:3229:3f57:febf(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c57:3229:3f57:febf%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.


Pinging google.com [74.125.224.147] with 32 bytes of data:

Reply from 74.125.224.147: bytes=32 time=28ms TTL=53

Reply from 74.125.224.147: bytes=32 time=26ms TTL=53



Ping statistics for 74.125.224.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 28ms, Average = 27ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=69ms TTL=54

Reply from 209.191.122.70: bytes=32 time=73ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 69ms, Maximum = 73ms, Average = 71ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
8 ...00 1e 90 66 fe e3 ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 18 ::/0 On-link
1 306 ::1/128 On-link
9 18 2001::/32 On-link
9 266 2001:0:4137:9e76:3c57:3229:3f57:febf/128
On-link
8 276 fe80::/64 On-link
9 266 fe80::/64 On-link
9 266 fe80::3c57:3229:3f57:febf/128
On-link
8 276 fe80::dd1b:ac8c:8e89:88d8/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/12/2011 03:22:38 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/11/2011 04:36:55 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/11/2011 00:11:28 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Error: (08/10/2011 11:54:04 PM) (Source: LoadPerf) (User: )
Description: 864416

Error: (08/10/2011 11:54:01 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (08/10/2011 11:54:01 PM) (Source: LoadPerf) (User: )
Description: 864416

Error: (08/10/2011 11:46:52 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Error: (08/10/2011 11:42:59 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Error: (08/10/2011 09:09:41 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/10/2011 09:09:41 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Security Update for Windows Vista (KB2563894){90251517-2EF3-4FF2-AA8F-7B463B3D4BD9}102

Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Security Update for Windows Vista (KB2556532){E01D3C24-0F19-4483-B664-E6387654A2FA}102

Error: (08/12/2011 11:56:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2539633){D25A3C25-89A8-4701-8E07-B4AC308473D3}102

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Security Update for Windows Vista (KB2507938){F5B61030-0598-4938-894B-48DAF6E482C3}104

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Update for Windows Vista (KB2563227){FA0D4E30-DC73-41BB-95D5-B3A4DAF7A95F}100

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Update for Windows Vista (KB2533623){378A8A33-B781-4F63-82ED-23C51EEDCACF}102

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Update for Windows Mail Junk E-mail Filter [August 2011] (KB905866){5B014E51-A72C-4153-8348-8E20FCE03EA5}100

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2559049){E56F8457-94E9-4FC2-8DFF-0615405C4C39}101

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Security Update for Windows Vista (KB2555917){3697DEB7-4AF1-4A4A-A16B-5FED1A2FB9D8}102

Error: (08/12/2011 11:49:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070020Update Rollup for ActiveX Killbits for Windows Vista (KB2562937){A72EBFCA-5B2C-4A8E-8967-234068079733}103


Microsoft Office Sessions:
=========================
Error: (06/29/2011 03:15:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 207868 seconds with 2700 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3325.57 MB
Available physical RAM: 2229.49 MB
Total Pagefile: 7849.06 MB
Available Pagefile: 6611.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:324.26 GB) (Free:244.31 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.03 GB) (Free:4.5 GB) NTFS
9 Drive k: (CRUZER) (Removable) (Total:7.5 GB) (Free:7.5 GB) FAT32

========================= Users: ========================================

User accounts for \\HARVEYDF-PC

Administrator Guest Harveydf

Even after disabling services and startup per your instructions, I can not connect my browsers. Explorer doesn't work either to run Esent scanner.
 
I'm sorry, that was the wrong log.

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee SecurityCenter
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Uninstall Java(TM) SE Runtime Environment 6 Update 1

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
 
I was in normal mode and went to add/remove programs and it quit responding. So I booted into safe mode. I'll uninstall java from there. Do I even need adobe reader when I have adobe cs4 suite installed?
 
I don't have internet in the safe mode, but will reboot into normal mode and give it a try. I have not had a working connection there for some time, but I will try. I will have to search for the link first, because I have not been able to access our forum on the sick machine for quite a while now. By the way, congrats on the thread with funkduck, I saw you and him solved his problems. It gives me hope.
 
The problem with you is, that I'm not even sure if this is about an infection.

If you're unable to run Eset, download this tool on a good computer and move it to the bad computer.

Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button, then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
I don't understand, if it is not a virus what else could this be? I am downloading Kaspersky on the good machine now. I'll run it as soon as it finishes.
 
I ran Kaspersky and copied the report and tried to send it on my good machine. It won't connect to our site. I believe the other machine is now infected.
 
Hi Broni

Things are not good. The second machine is infected, and there was a third machine on the network and it has symptoms too. Before Kaspersky died it gave me some clues. When Kaspersky finished running on machine 1, I opened the log of the quick scan and copied and pasted it to Notepad. I should have realized something was up because the pasted selection was being erased from the bottom up as I pasted the text. When I closed Kaspersky it erased the log. But I saw the log: first it archived Kaspersky as a rar.exe file in one line and password protected it in the next. It packed sys 32 wlanapi.dll and moved it to a folder called pe_patch_stolen. It packed 21 .sys files and moved them to sys1132 folder. It renamed combofix and packed it to a directory called UPX; there it archived 21 files and zipped 2 others. It packed and archived Hijackthis.exe and sifxinst. It renamed aswmbr.exe and moved it to a folder upx.
On the second computer there was more damage.
There is a rar program on the root of the C drive and it has an X through the uninstall icon. This explains how I could boot in normal mode but not have much functionality.
If you've been holding back the big guns, I think we need them now.
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
When I double clicked on the exe, it burned the cd, but a message came up from old timer that the software was for windows 7 and not vista.
 
I'm afraid in my haste I probably caused the program to fail. I executed the exe and didn't run it as an administrator. After the program ran, I got the message that a program may not have installed properly, so I ran it again; that is when I got the message. The good news is the disc works. Here is the log.
OTL logfile created on: 8/14/2011 10:31:05 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 324.26 Gb Total Space | 241.63 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
Drive H: | 11.03 Gb Total Space | 4.51 Gb Free Space | 40.87% Space Free | Partition Type: NTFS
Drive I: | 24.41 Gb Total Space | 24.33 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (Apple Mobile Device)
SRV - [2011/07/06 22:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/20 05:04:08 | 000,176,128 | ---- | M] (AMD) [Disabled] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/14 17:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 17:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2011/04/14 17:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 18:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/08 00:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 00:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/31 00:47:31 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 14:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/09 16:37:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/29 17:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [Disabled] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (ALSysIO)
DRV - [2011/07/06 22:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/13 05:20:42 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/06/13 05:20:42 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/06/13 05:20:29 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/06/13 05:20:26 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/04/20 05:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 05:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 04:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/14 17:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 17:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 17:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 17:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 17:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 17:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 17:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 17:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 17:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/11/09 18:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/12 15:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2009/09/16 13:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 13:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/10/07 23:38:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007/08/09 22:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 13:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/04/13 13:30:39 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2007/01/19 13:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 13:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 04:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/04/13 13:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/02/04 14:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Harveydf_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Harveydf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
IE - HKU\Harveydf_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Harveydf_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Harveydf_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\Harveydf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Harveydf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Startpage"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: ilab@intuit:1.7
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {C6F77964-B0B5-4953-A144-93051184EC0C}:1.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.7

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Harveydf\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 03:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/30 23:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/14 17:43:54 | 000,000,000 | ---D | M]

[2008/09/01 01:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Extensions
[2011/08/12 17:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions
[2011/08/09 00:04:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/06/25 16:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/26 21:42:12 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/06/30 04:56:44 | 000,000,000 | ---D | M] (FlashResizer) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}
[2011/08/09 00:18:06 | 000,000,000 | ---D | M] ("RightToClick") -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2011/05/26 21:42:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/15 22:50:42 | 000,000,000 | ---D | M] ("ThumbStrips") -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\ilab@intuit
[2008/03/28 13:36:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\moveplayer@movenetworks.com
[2011/03/26 23:56:20 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\SkipScreen@SkipScreen
[2011/05/26 21:42:14 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\extensions\zotero@chnm.gmu.edu
[2011/08/11 20:33:22 | 000,005,457 | ---- | M] () -- C:\Users\Harveydf\AppData\Roaming\Mozilla\Firefox\Profiles\lppj4d9t.default\searchplugins\startpage.xml
[2011/08/11 08:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/30 01:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 12:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 23:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 16:02:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 02:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/09/01 01:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/08/10 03:26:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2007/08/24 07:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/04/14 17:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/05/04 07:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/30 04:44:11 | 006,271,648 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/08/11 23:37:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510034359.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Harveydf_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Harveydf_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\Harveydf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 22:44:10 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Harveydf\Desktop\OTLPENet.exe
[2011/08/14 19:19:58 | 004,171,239 | ---- | C] (Swearware) -- C:\Users\Harveydf\Desktop\Harvey_081411.exe
[2011/08/14 19:19:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Harveydf\Desktop\esetsmartinstaller_enu_081411.exe
[2011/08/12 18:26:25 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\TFC.exe
[2011/08/12 18:17:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/08/12 18:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/08/12 14:58:24 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\tdsskiller.exe
[2011/08/12 00:31:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
[2011/08/11 23:47:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/11 23:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/11 23:20:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/11 23:20:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/11 23:20:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/11 23:20:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/11 23:18:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/11 22:37:20 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
[2011/08/11 19:41:13 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Harveydf\Desktop\dds.scr
[2011/08/11 19:12:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/11 19:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 19:12:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/11 19:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/11 18:42:24 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/11 17:11:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/10 06:07:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 06:07:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/08/10 06:07:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 06:07:56 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/10 06:07:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 06:07:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 04:27:18 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 04:26:36 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 04:26:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/04 09:52:22 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
[2011/08/04 09:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/08/04 05:50:15 | 000,000,000 | ---D | C] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/02 02:43:57 | 000,188,808 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudisk.sys
[2011/08/02 02:43:57 | 000,021,896 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eufs.sys
[2011/08/02 02:43:57 | 000,015,240 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
[2011/08/02 02:43:56 | 000,031,112 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys

========== Files - Modified Within 30 Days ==========

[2011/08/14 23:37:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/14 23:37:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 23:37:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 23:29:37 | 000,708,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/14 23:29:37 | 000,144,490 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/14 23:22:10 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/14 22:39:31 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Harveydf\Desktop\OTLPENet.exe
[2011/08/14 19:13:02 | 102,303,544 | ---- | M] () -- C:\Users\Harveydf\Desktop\kapersky2_081411.exe
[2011/08/14 18:44:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Harveydf\Desktop\esetsmartinstaller_enu_081411.exe
[2011/08/14 18:12:26 | 004,171,239 | ---- | M] (Swearware) -- C:\Users\Harveydf\Desktop\Harvey_081411.exe
[2011/08/14 00:20:23 | 001,008,092 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.scr
[2011/08/12 21:42:24 | 102,027,600 | ---- | M] () -- C:\Users\Harveydf\Desktop\setup_11.0.0.1245.x01_2011_08_13_03_10.exe
[2011/08/12 18:26:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\TFC.exe
[2011/08/12 18:26:00 | 000,879,028 | ---- | M] () -- C:\Users\Harveydf\Desktop\SecurityCheck.exe
[2011/08/12 18:17:43 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/12 18:17:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/08/12 14:33:40 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harveydf\Desktop\tdsskiller.exe
[2011/08/12 14:31:52 | 000,376,189 | ---- | M] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
[2011/08/12 00:31:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Harveydf\Desktop\OTL.exe
[2011/08/11 23:54:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/11 23:37:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/11 23:09:57 | 000,000,512 | ---- | M] () -- C:\MBR081411.dat
[2011/08/11 23:09:57 | 000,000,512 | ---- | M] () -- C:\Users\Harveydf\Desktop\MBR.dat
[2011/08/11 22:51:28 | 001,008,092 | ---- | M] () -- C:\Users\Harveydf\Desktop\rkill.com
[2011/08/11 22:37:44 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Harveydf\Desktop\aswMBR.exe
[2011/08/11 19:41:16 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Harveydf\Desktop\dds.scr
[2011/08/11 19:27:49 | 000,302,592 | ---- | M] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe
[2011/08/11 19:12:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 19:12:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 18:44:08 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Harveydf\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/11 16:03:55 | 000,308,659 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\census.cache
[2011/08/11 16:03:36 | 000,188,735 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\ars.cache
[2011/08/11 15:44:13 | 000,000,036 | ---- | M] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
[2011/08/11 06:23:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/11 03:11:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000UA.job
[2011/08/11 02:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/10 07:01:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3010283643-4083402107-944152190-1000Core.job
[2011/08/07 07:47:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2011/08/02 00:03:36 | 000,002,365 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/01 06:13:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/21 22:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 22:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 22:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 22:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 22:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011/08/14 19:54:51 | 000,000,512 | ---- | C] () -- C:\MBR081411.dat
[2011/08/14 19:19:55 | 102,303,544 | ---- | C] () -- C:\Users\Harveydf\Desktop\kapersky2_081411.exe
[2011/08/14 00:21:47 | 001,008,092 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.scr
[2011/08/12 21:46:11 | 102,027,600 | ---- | C] () -- C:\Users\Harveydf\Desktop\setup_11.0.0.1245.x01_2011_08_13_03_10.exe
[2011/08/12 21:01:51 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/12 18:25:56 | 000,879,028 | ---- | C] () -- C:\Users\Harveydf\Desktop\SecurityCheck.exe
[2011/08/12 14:58:10 | 000,376,189 | ---- | C] () -- C:\Users\Harveydf\Desktop\MiniToolBox.exe
[2011/08/11 23:54:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/11 23:20:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/11 23:20:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/11 23:20:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/11 23:20:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/11 23:20:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/11 23:09:57 | 000,000,512 | ---- | C] () -- C:\Users\Harveydf\Desktop\MBR.dat
[2011/08/11 22:51:22 | 001,008,092 | ---- | C] () -- C:\Users\Harveydf\Desktop\rkill.com
[2011/08/11 19:27:49 | 000,302,592 | ---- | C] () -- C:\Users\Harveydf\Desktop\ufhbk1mo.exe
[2011/08/11 19:12:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 16:03:55 | 000,308,659 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\census.cache
[2011/08/11 16:03:36 | 000,188,735 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\ars.cache
[2011/08/11 15:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\housecall.guid.cache
[2011/08/02 02:43:56 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/06/11 20:55:18 | 000,000,022 | -HS- | C] () -- C:\Users\Harveydf\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/05/15 22:26:53 | 000,075,776 | ---- | C] () -- C:\Windows\SendToClip.exe
[2011/04/03 02:25:43 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2011/04/03 02:25:12 | 000,000,191 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/03/23 23:50:21 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/03/17 20:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/27 01:12:00 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/08/15 17:20:55 | 001,055,498 | ---- | C] () -- C:\Windows\System32\libodbc++.dll
[2009/09/18 09:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 09:27:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 18:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 18:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/28 16:04:34 | 000,008,212 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/01/23 01:11:05 | 000,000,001 | ---- | C] () -- C:\Windows\System32\uuddc32.dll
[2008/09/17 06:00:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/09 23:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2008/04/01 20:03:07 | 000,004,096 | -H-- | C] () -- C:\Users\Harveydf\AppData\Local\keyfile3.drm
[2008/03/24 14:58:28 | 000,148,918 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/03/24 14:57:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/02/29 22:46:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/24 03:31:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/02/20 02:29:25 | 000,000,864 | ---- | C] () -- C:\Users\Harveydf\AppData\Roaming\wklnhst.dat
[2008/02/19 01:02:42 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/18 19:29:01 | 000,028,160 | ---- | C] () -- C:\Users\Harveydf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/14 15:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2007/11/23 20:38:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/11/23 20:04:15 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/11/23 20:04:15 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/11/23 20:04:15 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/11/23 20:04:15 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,383,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,708,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,144,490 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== LOP Check ==========

[2010/05/31 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Aureas85
[2009/04/27 00:25:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Avery
[2011/08/04 05:50:15 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/07 23:38:08 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DAEMON Tools
[2010/08/15 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Dev-Cpp
[2011/05/14 15:18:52 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\DisplayTune
[2009/08/21 00:02:36 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Elluminate
[2008/03/06 00:42:43 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ESRI
[2011/05/15 22:31:27 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\GPSMaster
[2008/08/09 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\HotSync
[2011/08/01 23:53:46 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Image Zone Express
[2011/08/04 09:55:19 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\ImgBurn
[2011/04/10 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\InfraRecorder
[2008/08/09 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Leadertech
[2011/02/08 01:50:00 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Mobipocket
[2008/03/24 15:27:11 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Printer Info Cache
[2008/02/19 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\SampleView
[2008/03/08 01:17:51 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Spare Backup
[2008/02/20 02:29:37 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\Template
[2011/04/09 03:43:38 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\uTorrent
[2010/11/07 20:08:07 | 000,000,000 | ---D | M] -- C:\Users\Harveydf\AppData\Roaming\XMind
[2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/05/31 21:20:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Aureas85
[2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/02/05 14:28:47 | 000,000,000 | ---D | M] -- C:\ProgramData\eBcEbKd09128
[2011/05/07 16:11:10 | 000,000,000 | ---D | M] -- C:\ProgramData\ErrorEND
[2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/08/09 22:44:13 | 000,000,000 | ---D | M] -- C:\ProgramData\HotSync
[2011/06/13 05:20:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Maxtor
[2008/02/28 02:13:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2008/02/24 02:16:59 | 000,000,000 | ---D | M] -- C:\ProgramData\NetZero
[2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/02/18 19:23:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/02/19 01:04:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2007/11/23 20:34:00 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/06/30 23:27:53 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:37:47 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
I don't really see anything malicious there.

Please describe in detail the current computer issues.
 
Windows has updates, but won't configure. McAfee says it's on, but when you open real-time scanning it's off, and won't turn on. I can't open any browser, but browser shortcuts are good. ESET is scanning in normal mode; however, it is at 32 percent and has been scanning for over 2 hours. It has found 2 threats, win32/hiderun.application and win32/toolbar.zugo.application.
 
ESET finished, with no other threats found. I have gone over my tracks and found GMER was not run correctly. Maybe this helps.

2011/08/15 14:33:17.0592 1236 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13

2011/08/15 14:33:19.0199 1236 ================================================================================

2011/08/15 14:33:19.0199 1236 SystemInfo:

2011/08/15 14:33:19.0199 1236

2011/08/15 14:33:19.0199 1236 OS Version: 6.0.6002 ServicePack: 2.0

2011/08/15 14:33:19.0199 1236 Product type: Workstation

2011/08/15 14:33:19.0199 1236 ComputerName: HARVEYDF-PC

2011/08/15 14:33:19.0199 1236 UserName: Harveydf

2011/08/15 14:33:19.0199 1236 Windows directory: C:\Windows

2011/08/15 14:33:19.0199 1236 System windows directory: C:\Windows

2011/08/15 14:33:19.0199 1236 Processor architecture: Intel x86

2011/08/15 14:33:19.0199 1236 Number of processors: 4

2011/08/15 14:33:19.0199 1236 Page size: 0x1000

2011/08/15 14:33:19.0199 1236 Boot type: Normal boot

2011/08/15 14:33:19.0199 1236 ================================================================================

2011/08/15 14:33:19.0761 1236 Initialize success

2011/08/15 14:33:23.0723 1724 ================================================================================

2011/08/15 14:33:23.0723 1724 Scan started

2011/08/15 14:33:23.0723 1724 Mode: Manual;

2011/08/15 14:33:23.0723 1724 ================================================================================

2011/08/15 14:33:36.0624 1724 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/08/15 14:33:36.0624 1724 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/08/15 14:33:36.0624 1724 sptd - detected LockedFile.Multi.Generic (1)

2011/08/15 14:33:40.0010 1724 ================================================================================
2011/08/15 14:33:40.0010 1724 Scan finished
2011/08/15 14:33:40.0010 1724 ================================================================================
2011/08/15 14:33:40.0010 2400 Detected object count: 1
2011/08/15 14:33:40.0010 2400 Actual detected object count: 1
2011/08/15 14:33:50.0196 2400 LockedFile.Multi.Generic(sptd) - User select action: Skip
 
I was still going over your posts when I got your last message. I uninstalled Java runtime en6 update 1, deleted the cache, then rebooted. The browsers work. I uninstalled McAfee and installed a fresh McAfee AntiVirus Plus elite edition. I had to uninstall MBAM during the download. I did a quick scan; it showed nothing. I had turned Windows Update off earlier, but during the scanning, real-time scanning went off momentarily; I re-enabled it. Windows Update is on again; I turned it off again. It said there were 13 MB of updates to install. These are the same updates that have not configured correctly for some time now. Your move.
 