Infected by trojan, several issues
Kman1566
2014-01-25, 13:31
Hello, I was unable to update McAfee yesterday and ran a scan with no items found by McAfee. I then ran Malwarebytes and found "Trojan.Agent.IE". Then I ran IObit antimalware and it found "Trojan.Generic". I used the online McAfee Virtual Tech, which found 13 registry keys were not as expected, which it seemed to fix, but it was not able to fix "mfencbdc driver settings" or "proxy server settings". I ran ERUNT successfully. I attempted to run DDS... the first try locked up the computer and I had to manually power down and restart. I tried one more time and Windows shut down (blue screen with notice to protect my computer from damage). I restarted and noticed the home page on Firefox had changed. I also ran Spybot with no items detected. Any help would be greatly appreciated. Thanks, Kman
Let's try a different scanner and see what it comes up with.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
Kman1566
2014-01-27, 17:50
Hello Ken545, thank you for your help. FYI, after I made my post the other day I attempted to disconnect my internet connection by disabling it in the taskbar, which is what I usually do when not using the internet, and I received a message that I could not due to a protocol or system setting. Below are the requested results.
OTL logfile created on: 1/27/2014 10:03:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.34% Memory free
4.85 Gb Paging File | 4.03 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 359.14 Gb Free Space | 78.70% Space Free | Partition Type: NTFS
Drive F: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASC.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\Scan.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdHPEC.DLL ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdFLIB.DLL ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\WINDOWS\system32\dlcdpplc.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\WINDOWS\system32\dlcdcomc.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()
========== Services (SafeList) ==========
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (geyekrjacvpwrp) -- C:\WINDOWS\system32\drivers\geyekrwdaulytl.sys File not found
DRV - (Changer) -- File not found
DRV - (bvrp_pci) -- File not found
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys (IObit.com)
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys (IObit.com)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys (IObit)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B1650a312-02bc-40ee-977e-83f158701739%7D:26.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]
[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2014/01/25 06:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions
[2010/04/27 15:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/01/25 06:07:00 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\adsremoval@adsremoval.net
[2009/03/10 18:26:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\moveplayer@movenetworks.com
[2014/01/25 06:06:16 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net
[2007/04/12 19:51:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\searchplugins\siteadvisor.xml
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/23 17:52:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\SITEADVISOR\6261\FF
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2014/01/21 01:01:45 | 000,451,153 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 15488 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\RunOnce: [DelayShred] c:\program files\mcafee.com\shredder\SHRED32.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2014/01/24 15:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster
[2014/01/24 13:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/26 09:13:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/26 09:12:58 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Driver Booster Update.job
[2014/01/26 09:10:43 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/26 09:10:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/26 09:10:38 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Driver Booster Scan.job
[2014/01/26 09:10:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/26 09:10:25 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/26 09:10:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 22:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 15:33:41 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\IObit Malware Fighter.lnk
[2014/01/24 13:40:40 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/21 01:01:45 | 000,451,153 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 15:09:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/24 15:33:41 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\IObit Malware Fighter.lnk
[2014/01/24 15:17:20 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Driver Booster Scan.job
[2014/01/24 15:17:19 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\Driver Booster Update.job
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/20 12:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2013/12/31 10:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2013/06/14 17:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit Apps
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Kman1566
2014-01-27, 17:51
OTL Extras logfile created on: 1/27/2014 10:03:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.34% Memory free
4.85 Gb Paging File | 4.03 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 359.14 Gb Free Space | 78.70% Space Free | Partition Type: NTFS
Drive F: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Gold -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1752D07B-9BEB-414F-9B51-AA529101F0E5}" = calibre
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33F8945B-9460-49C7-9193-DA320345CF15}" = Hanes T-ShirtMaker Deluxe 4.0.1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B901CB2-9DAF-43FC-BDD2-4149AF19381C}" = Hallmark Card Studio 2006 Deluxe
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{50AF9AC4-6E62-405A-A269-C02B70A21E64}" = 944plc32
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA0F950C-D926-4366-A60C-9E7B71DB1FF2}" = IObit Apps Toolbar v7.1
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"ATI Display Driver" = ATI Display Driver
"BurnAware Free_is1" = BurnAware Free 4.7
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"Driver Booster_is1" = Driver Booster
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDXCopyPlatinum" = DVD X Copy Platinum 4.0.3
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IObitUninstall" = IObit Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PROSet" = Intel(R) Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Scanning Suite" = Scanning Suite
"Snes9x" = Snes9x
"SpywareBlaster_is1" = SpywareBlaster 5.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/16/2014 10:04:12 AM | Computer Name = TOYBOX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/16/2014 10:04:12 AM | Computer Name = TOYBOX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/16/2014 10:04:12 AM | Computer Name = TOYBOX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/16/2014 10:04:12 AM | Computer Name = TOYBOX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/16/2014 10:04:12 AM | Computer Name = TOYBOX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/16/2014 10:04:12 AM | Computer Name = TOYBOX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/19/2014 3:06:04 AM | Computer Name = TOYBOX | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 1/19/2014 11:03:43 PM | Computer Name = TOYBOX | Source = McLogEvent | ID = 5022
Description =
Error - 1/19/2014 11:03:53 PM | Computer Name = TOYBOX | Source = McLogEvent | ID = 5022
Description =
Error - 1/19/2014 11:03:56 PM | Computer Name = TOYBOX | Source = McLogEvent | ID = 5022
Description =
[ IntelDH Events ]
Error - 1/20/2014 2:12:27 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/20/2014 3:57:12 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/20/2014 4:09:39 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/20/2014 4:17:45 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/20/2014 4:44:01 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/20/2014 5:15:44 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/20/2014 5:27:55 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/24/2014 1:43:38 PM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/25/2014 7:05:57 AM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
Error - 1/25/2014 7:15:15 AM | Computer Name = TOYBOX | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.
[ System Events ]
Error - 1/26/2014 10:10:44 AM | Computer Name = TOYBOX | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203
Error - 1/26/2014 10:12:53 AM | Computer Name = TOYBOX | Source = Service Control Manager | ID = 7022
Description = The McAfee Boot Delay Start Service service hung on starting.
Error - 1/26/2014 10:12:53 AM | Computer Name = TOYBOX | Source = Service Control Manager | ID = 7034
Description = The SecureUpdate service terminated unexpectedly. It has done this
1 time(s).
Error - 1/26/2014 10:12:53 AM | Computer Name = TOYBOX | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).
Error - 1/27/2014 10:55:13 AM | Computer Name = TOYBOX | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 162.72.121.23 on
the Network Card with network address 0013720E4A65.
Error - 1/27/2014 11:15:55 AM | Computer Name = TOYBOX | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
Error - 1/27/2014 11:16:02 AM | Computer Name = TOYBOX | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
Error - 1/27/2014 11:16:09 AM | Computer Name = TOYBOX | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
Error - 1/27/2014 11:16:17 AM | Computer Name = TOYBOX | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
Error - 1/27/2014 11:16:24 AM | Computer Name = TOYBOX | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
< End of report >
Hi,
Read this please: it means that we and most of the malware forums will most likely drop support for the XP operating system in a few months. There will also be no more Windows updates, so this will leave you very vulnerable to getting infected.
http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UuaUqhAo6Ul
This program is malware; see if you can uninstall it via Add/Remove Programs in the Control Panel.
C:\Program Files\Secure Speed Dial
You also have one file that suggests you're infected with a rootkit.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.
Kman1566
2014-01-27, 20:24
I am unable to find Secure Speed Dial in the Add/Remove Programs listing. Also, my McAfee window does not have the options listings on the left of the window, and I am unable to disable the firewall through the normal window. My window only has 4 boxes that allow me to go to individual settings, and I was able to turn the Spyware checking to Off. I was able to download ComboFix to my desktop... should I run it and follow the previous instructions?
Kman1566
2014-01-27, 21:47
I attempted to run ComboFix. It did update the Windows Recovery Console, but Windows shut down all 3 times I tried to run it once the scan started... It did also give me the warning that McAfee antispyware and antivirus were still running, and I am unable to disable them.
Let's try this other program.
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Kman1566
2014-01-27, 22:40
Scan found 1 threat, here is the log
[InfectedObject]
Type: Service
Name: geyekrjacvpwrp
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: \systemroot\system32\drivers\geyekrwdaulytl.sys
I did not update the tool though a version update was available.
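Added here as an editor's example, not part of the thread and not Kaspersky's code: a small Python triage helper for the two TDSSKiller formats that appear in this thread, the [InfectedObject] record above and the per-service lines of the full log ("[ md5 ] name path" followed by "name - ok", or "name ( detection ) - infected" / "name - detected ..."). The sample input is constructed from the entries posted here, and the helper lists everything the tool did not mark ok together with whatever hash and path the log recorded for it.

```python
import re

# Constructed sample in the shape of the TDSSKiller log posted in this thread
# (service names, hashes and paths copied from the post; not a full log).
SAMPLE_SCAN_LOG = r"""
15:26:39.0937 0836 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:26:39.0984 0836 Ftdisk - ok
15:26:40.0000 0836 geyekrjacvpwrp ( Rootkit.Win32.TDSS.tdl2 ) - infected
15:26:40.0000 0836 geyekrjacvpwrp - detected Rootkit.Win32.TDSS.tdl2 (0)
15:26:40.0031 0836 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:26:40.0203 0836 Gpc - ok
15:26:26.0531 0836 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
15:26:26.0796 0836 APC UPS Service - ok
"""

# The [InfectedObject] record as it appeared in the thread.
SAMPLE_RECORD = r"""
[InfectedObject]
Type: Service
Name: geyekrjacvpwrp
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: \systemroot\system32\drivers\geyekrwdaulytl.sys
"""

# Every scan line starts with "HH:MM:SS.mmmm <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "[ md5 ] <service name> <image path>": names may contain spaces, so the
# name is matched lazily and the path must start with "X:\" or "\".
HASH_RE = re.compile(_PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ((?:[A-Za-z]:)?\\.+)$")
INFECTED_RE = re.compile(_PREFIX + r"(.+?) \( (.+?) \) - infected$")
DETECTED_RE = re.compile(_PREFIX + r"(.+?) - detected (\S+) \((\d+)\)$")
OK_RE = re.compile(_PREFIX + r"(.+?) - ok$")


def parse_scan_log(text):
    """Return (hashes, verdicts, detections), each keyed by service name:
    hashes name -> (md5, image path); verdicts name -> ok/infected/detected;
    detections name -> detection name for anything not ok."""
    hashes, verdicts, detections = {}, {}, {}
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            hashes[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue
        m = INFECTED_RE.match(line)
        if m:
            verdicts[m.group(1)] = "infected"
            detections[m.group(1)] = m.group(2)
            continue
        m = DETECTED_RE.match(line)
        if m:
            # "infected" is the stronger verdict; keep it if already set.
            verdicts.setdefault(m.group(1), "detected")
            detections.setdefault(m.group(1), m.group(2))
            continue
        m = OK_RE.match(line)
        if m:
            verdicts.setdefault(m.group(1), "ok")
    return hashes, verdicts, detections


def triage_scan_log(text):
    """List every service TDSSKiller did not mark ok. md5 and path are None
    when the log has no "[ md5 ]" line for it, as for the rootkit service
    in this thread, so the file still has to be collected separately."""
    hashes, verdicts, detections = parse_scan_log(text)
    findings = []
    for name, verdict in verdicts.items():
        if verdict == "ok":
            continue
        md5, path = hashes.get(name, (None, None))
        findings.append({"name": name, "verdict": verdict,
                         "detection": detections.get(name),
                         "md5": md5, "path": path})
    return findings


def parse_infected_record(text):
    """Parse an [InfectedObject] block into a dict of lists. "Type" occurs
    twice (object type, then driver type), so repeated keys are kept in
    order instead of being silently overwritten."""
    record, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[InfectedObject]":
            in_block = True
            continue
        if not in_block or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        record.setdefault(key, []).append(value)
    return record


if __name__ == "__main__":
    for finding in triage_scan_log(SAMPLE_SCAN_LOG):
        print(finding)
    print(parse_infected_record(SAMPLE_RECORD))
```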
Kman1566
2014-01-27, 22:49
My apologies...wrong document, here is the log.
15:24:42.0906 5436 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:24:44.0906 5436 ============================================================
15:24:44.0906 5436 Current date / time: 2014/01/27 15:24:44.0906
15:24:44.0906 5436 SystemInfo:
15:24:44.0906 5436
15:24:44.0906 5436 OS Version: 5.1.2600 ServicePack: 3.0
15:24:44.0906 5436 Product type: Workstation
15:24:44.0906 5436 ComputerName: TOYBOX
15:24:44.0906 5436 UserName: Kevin
15:24:44.0906 5436 Windows directory: C:\WINDOWS
15:24:44.0906 5436 System windows directory: C:\WINDOWS
15:24:44.0906 5436 Processor architecture: Intel x86
15:24:44.0906 5436 Number of processors: 2
15:24:44.0906 5436 Page size: 0x1000
15:24:44.0906 5436 Boot type: Normal boot
15:24:44.0906 5436 ============================================================
15:24:46.0609 5436 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:24:46.0625 5436 ============================================================
15:24:46.0625 5436 \Device\Harddisk0\DR0:
15:24:46.0625 5436 MBR partitions:
15:24:46.0625 5436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33800, BlocksNum 0x390BC800
15:24:46.0625 5436 ============================================================
15:24:46.0671 5436 C: <-> \Device\Harddisk0\DR0\Partition1
15:24:46.0671 5436 ============================================================
15:24:46.0671 5436 Initialize success
15:24:46.0671 5436 ============================================================
15:26:20.0781 0836 ============================================================
15:26:20.0781 0836 Scan started
15:26:20.0781 0836 Mode: Manual;
15:26:20.0781 0836 ============================================================
15:26:21.0218 0836 ================ Scan system memory ========================
15:26:21.0218 0836 System memory - ok
15:26:21.0218 0836 ================ Scan services =============================
15:26:23.0093 0836 Abiosdsk - ok
15:26:23.0140 0836 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:26:23.0296 0836 abp480n5 - ok
15:26:23.0421 0836 ACDaemon - ok
15:26:23.0453 0836 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:26:23.0640 0836 ACPI - ok
15:26:23.0656 0836 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:26:23.0703 0836 ACPIEC - ok
15:26:23.0765 0836 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:26:23.0765 0836 AdobeFlashPlayerUpdateSvc - ok
15:26:23.0796 0836 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:26:23.0953 0836 adpu160m - ok
15:26:24.0156 0836 [ F5456293D2604BCE2BEC07FC6186A341 ] AdvancedSystemCareService7 C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe
15:26:24.0515 0836 AdvancedSystemCareService7 - ok
15:26:24.0546 0836 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:26:24.0593 0836 aec - ok
15:26:24.0640 0836 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:26:24.0828 0836 AFD - ok
15:26:24.0859 0836 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:26:25.0015 0836 agp440 - ok
15:26:25.0031 0836 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:26:25.0078 0836 agpCPQ - ok
15:26:25.0093 0836 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:26:25.0250 0836 Aha154x - ok
15:26:25.0265 0836 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:26:25.0437 0836 aic78u2 - ok
15:26:25.0453 0836 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:26:25.0609 0836 aic78xx - ok
15:26:25.0625 0836 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:26:25.0765 0836 Alerter - ok
15:26:25.0828 0836 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:26:25.0984 0836 ALG - ok
15:26:26.0015 0836 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:26:26.0171 0836 AliIde - ok
15:26:26.0171 0836 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:26:26.0218 0836 alim1541 - ok
15:26:26.0250 0836 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:26:26.0296 0836 amdagp - ok
15:26:26.0312 0836 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:26:26.0484 0836 amsint - ok
15:26:26.0531 0836 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
15:26:26.0796 0836 APC UPS Service - ok
15:26:26.0921 0836 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:26:26.0937 0836 Apple Mobile Device - ok
15:26:26.0968 0836 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:26:27.0109 0836 AppMgmt - ok
15:26:27.0140 0836 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:26:27.0296 0836 asc - ok
15:26:27.0312 0836 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:26:27.0468 0836 asc3350p - ok
15:26:27.0484 0836 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:26:27.0640 0836 asc3550 - ok
15:26:27.0687 0836 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
15:26:27.0843 0836 Aspi32 - ok
15:26:27.0953 0836 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:26:28.0015 0836 aspnet_state - ok
15:26:28.0031 0836 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:26:28.0078 0836 AsyncMac - ok
15:26:28.0093 0836 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:26:28.0250 0836 atapi - ok
15:26:28.0265 0836 Atdisk - ok
15:26:28.0281 0836 [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:26:28.0375 0836 Ati HotKey Poller - ok
15:26:28.0437 0836 [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:26:28.0671 0836 ati2mtag - ok
15:26:28.0718 0836 [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:26:28.0890 0836 atksgt - ok
15:26:28.0906 0836 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:26:28.0953 0836 Atmarpc - ok
15:26:28.0984 0836 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:26:29.0125 0836 AudioSrv - ok
15:26:29.0156 0836 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:26:29.0203 0836 audstub - ok
15:26:29.0250 0836 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:26:29.0296 0836 Beep - ok
15:26:29.0328 0836 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:26:29.0515 0836 BITS - ok
15:26:29.0578 0836 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:26:29.0593 0836 Bonjour Service - ok
15:26:29.0625 0836 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:26:29.0765 0836 Browser - ok
15:26:29.0765 0836 bvrp_pci - ok
15:26:29.0796 0836 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:26:29.0953 0836 cbidf - ok
15:26:29.0968 0836 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:26:29.0968 0836 cbidf2k - ok
15:26:29.0968 0836 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:26:30.0125 0836 cd20xrnt - ok
15:26:30.0156 0836 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:26:30.0203 0836 Cdaudio - ok
15:26:30.0250 0836 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:26:30.0312 0836 Cdfs - ok
15:26:30.0343 0836 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:26:30.0609 0836 Cdrom - ok
15:26:30.0640 0836 [ D787C026F15BD8F762AB5829428FAA9C ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
15:26:30.0640 0836 cfwids - ok
15:26:30.0640 0836 Changer - ok
15:26:30.0687 0836 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:26:30.0734 0836 CiSvc - ok
15:26:30.0750 0836 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:26:30.0812 0836 ClipSrv - ok
15:26:30.0843 0836 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:30.0890 0836 clr_optimization_v2.0.50727_32 - ok
15:26:30.0921 0836 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:26:30.0968 0836 CmdIde - ok
15:26:30.0984 0836 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:26:31.0140 0836 Compbatt - ok
15:26:31.0140 0836 COMSysApp - ok
15:26:31.0156 0836 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:26:31.0218 0836 Cpqarray - ok
15:26:31.0234 0836 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:26:31.0375 0836 CryptSvc - ok
15:26:31.0406 0836 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:26:31.0468 0836 dac2w2k - ok
15:26:31.0484 0836 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:26:31.0640 0836 dac960nt - ok
15:26:31.0671 0836 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:26:31.0687 0836 DcomLaunch - ok
15:26:31.0718 0836 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:26:31.0718 0836 Dhcp - ok
15:26:31.0734 0836 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:26:31.0890 0836 Disk - ok
15:26:31.0953 0836 [ D8D58A84F3ECE3359DF95FD2E459B330 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:26:32.0109 0836 DLABOIOM - ok
15:26:32.0125 0836 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:26:32.0281 0836 DLACDBHM - ok
15:26:32.0281 0836 [ 27C78078BD9C4F2DE2AD3EB04BFE101B ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
15:26:32.0421 0836 DLADResN - ok
15:26:32.0437 0836 [ 7F2D93E560B763EF5D11422D78DA8ED0 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:26:32.0609 0836 DLAIFS_M - ok
15:26:32.0609 0836 [ F643637DE6AAC57E38D197AA63D9EA74 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:26:32.0765 0836 DLAOPIOM - ok
15:26:32.0781 0836 [ 340705474807F57A46D59D18FC2959F1 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:26:32.0937 0836 DLAPoolM - ok
15:26:32.0968 0836 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:26:33.0125 0836 DLARTL_N - ok
15:26:33.0140 0836 [ 6984EA763907C045CE813468882BC587 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:26:33.0312 0836 DLAUDFAM - ok
15:26:33.0343 0836 [ 12B30C449CFD36ADBED53EB6560933C6 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:26:33.0515 0836 DLAUDF_M - ok
15:26:33.0515 0836 dlcd_device - ok
15:26:33.0531 0836 dmadmin - ok
15:26:33.0546 0836 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:26:33.0625 0836 dmboot - ok
15:26:33.0625 0836 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:26:33.0812 0836 dmio - ok
15:26:33.0843 0836 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:26:33.0984 0836 dmload - ok
15:26:34.0031 0836 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:26:34.0171 0836 dmserver - ok
15:26:34.0203 0836 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:26:34.0359 0836 DMusic - ok
15:26:34.0390 0836 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:26:34.0531 0836 Dnscache - ok
15:26:34.0562 0836 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:26:34.0703 0836 Dot3svc - ok
15:26:34.0718 0836 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:26:34.0765 0836 dpti2o - ok
15:26:34.0781 0836 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:26:34.0937 0836 drmkaud - ok
15:26:34.0953 0836 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:26:35.0125 0836 DRVMCDB - ok
15:26:35.0156 0836 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:26:35.0328 0836 DRVNDDM - ok
15:26:35.0375 0836 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
15:26:35.0421 0836 DSBrokerService - ok
15:26:35.0453 0836 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
15:26:35.0609 0836 DSproct - ok
15:26:35.0640 0836 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
15:26:35.0687 0836 dsunidrv - ok
15:26:35.0703 0836 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:26:35.0875 0836 E100B - ok
15:26:35.0906 0836 [ D334D3052BDD61F8A5F0A59D31466BAC ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
15:26:35.0968 0836 e1express - ok
15:26:36.0000 0836 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:26:36.0140 0836 EapHost - ok
15:26:36.0234 0836 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
15:26:36.0312 0836 ehRecvr - ok
15:26:36.0312 0836 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
15:26:36.0484 0836 ehSched - ok
15:26:36.0531 0836 [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
15:26:36.0671 0836 ELacpi - ok
15:26:36.0703 0836 [ AE65C02444907966378454138B9F99F0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys
15:26:36.0859 0836 ELhid - ok
15:26:36.0875 0836 [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys
15:26:37.0031 0836 ELkbd - ok
15:26:37.0046 0836 [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys
15:26:37.0203 0836 ELmon - ok
15:26:37.0203 0836 [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys
15:26:37.0359 0836 ELmou - ok
15:26:37.0468 0836 [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
15:26:37.0687 0836 ELService - ok
15:26:37.0703 0836 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:26:37.0843 0836 ERSvc - ok
15:26:37.0859 0836 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:26:37.0953 0836 Eventlog - ok
15:26:37.0984 0836 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll
15:26:38.0140 0836 EventSystem - ok
15:26:38.0156 0836 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:26:38.0328 0836 Fastfat - ok
15:26:38.0375 0836 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:26:38.0406 0836 FastUserSwitchingCompatibility - ok
15:26:38.0421 0836 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:26:38.0468 0836 Fdc - ok
15:26:38.0609 0836 [ 9840396B26E424046AD335C98B3F16C3 ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
15:26:38.0937 0836 FileMonitor - ok
15:26:38.0968 0836 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:26:39.0156 0836 Fips - ok
15:26:39.0187 0836 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:26:39.0359 0836 Flpydisk - ok
15:26:39.0390 0836 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:26:39.0453 0836 FltMgr - ok
15:26:39.0515 0836 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:26:39.0578 0836 FontCache3.0.0.0 - ok
15:26:39.0656 0836 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:26:39.0703 0836 Fs_Rec - ok
15:26:39.0734 0836 [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
15:26:39.0921 0836 FTDIBUS - ok
15:26:39.0937 0836 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:26:39.0984 0836 Ftdisk - ok
15:26:40.0000 0836 geyekrjacvpwrp ( Rootkit.Win32.TDSS.tdl2 ) - infected
15:26:40.0000 0836 geyekrjacvpwrp - detected Rootkit.Win32.TDSS.tdl2 (0)
15:26:40.0031 0836 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:26:40.0203 0836 Gpc - ok
15:26:40.0218 0836 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:26:40.0437 0836 HDAudBus - ok
15:26:40.0531 0836 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:26:40.0656 0836 helpsvc - ok
15:26:40.0703 0836 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
15:26:40.0843 0836 HidBatt - ok
15:26:40.0890 0836 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:26:41.0015 0836 HidServ - ok
15:26:41.0031 0836 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:26:41.0187 0836 HidUsb - ok
15:26:41.0234 0836 [ 156765F692192EA9039A6C4A809312FD ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys
15:26:41.0234 0836 HipShieldK - ok
15:26:41.0281 0836 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:26:41.0437 0836 hkmsvc - ok
15:26:41.0546 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
15:26:41.0546 0836 HomeNetSvc - ok
15:26:41.0562 0836 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
15:26:41.0734 0836 hpn - ok
15:26:41.0765 0836 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:26:41.0921 0836 HSFHWBS2 - ok
15:26:41.0937 0836 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:26:42.0140 0836 HSF_DP - ok
15:26:42.0187 0836 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:26:42.0500 0836 HTTP - ok
15:26:42.0531 0836 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:26:42.0671 0836 HTTPFilter - ok
15:26:42.0687 0836 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:26:42.0843 0836 i2omgmt - ok
15:26:42.0859 0836 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:26:43.0015 0836 i2omp - ok
15:26:43.0031 0836 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:26:43.0078 0836 i8042prt - ok
15:26:43.0156 0836 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
15:26:43.0375 0836 IAANTMon - ok
15:26:43.0390 0836 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
15:26:43.0406 0836 iastor - ok
15:26:43.0500 0836 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:26:43.0671 0836 IDriverT - ok
15:26:43.0750 0836 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:26:43.0812 0836 idsvc - ok
15:26:43.0828 0836 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:26:43.0984 0836 Imapi - ok
15:26:44.0031 0836 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:26:44.0078 0836 ImapiService - ok
15:26:44.0125 0836 [ EAEA4B0005869A4ABE6070BD364143B7 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
15:26:44.0312 0836 IMFservice - ok
15:26:44.0343 0836 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:26:44.0500 0836 ini910u - ok
15:26:44.0531 0836 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:26:44.0718 0836 IntelIde - ok
15:26:44.0781 0836 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:26:44.0968 0836 intelppm - ok
15:26:44.0984 0836 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:26:45.0140 0836 Ip6Fw - ok
15:26:45.0156 0836 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:26:45.0328 0836 IpFilterDriver - ok
15:26:45.0343 0836 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:26:45.0390 0836 IpInIp - ok
15:26:45.0406 0836 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:26:45.0484 0836 IpNat - ok
15:26:45.0515 0836 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:26:45.0671 0836 IPSec - ok
15:26:45.0687 0836 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:26:45.0843 0836 IRENUM - ok
15:26:45.0859 0836 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:26:46.0015 0836 isapnp - ok
15:26:46.0046 0836 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
15:26:46.0203 0836 Iviaspi - ok
15:26:46.0312 0836 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15:26:46.0328 0836 JavaQuickStarterService - ok
15:26:46.0328 0836 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:26:46.0484 0836 Kbdclass - ok
15:26:46.0484 0836 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:26:46.0531 0836 kbdhid - ok
15:26:46.0562 0836 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:26:46.0750 0836 kmixer - ok
15:26:46.0750 0836 KodakCCS - ok
15:26:46.0781 0836 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:26:46.0828 0836 KSecDD - ok
15:26:46.0843 0836 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:26:47.0000 0836 lanmanserver - ok
15:26:47.0031 0836 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:26:47.0171 0836 lanmanworkstation - ok
15:26:47.0171 0836 lbrtfdc - ok
15:26:47.0203 0836 [ AC05A1B5C66D693B1598FD83617D1820 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
15:26:47.0468 0836 LHidUsb - ok
15:26:47.0500 0836 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:26:47.0656 0836 lirsgt - ok
15:26:47.0718 0836 [ 935E2093CEED8198C820B7F60BB63167 ] LiveUpdateSvc C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
15:26:47.0937 0836 LiveUpdateSvc - ok
15:26:47.0968 0836 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:26:48.0109 0836 LmHosts - ok
15:26:48.0296 0836 [ 5467B4D77044E4FF56E8FEB9D2F6FE5A ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
15:26:48.0296 0836 McAPExe - ok
15:26:48.0328 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcbootdelaystartsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
15:26:48.0328 0836 mcbootdelaystartsvc - ok
15:26:48.0343 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McMPFSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
15:26:48.0343 0836 McMPFSvc - ok
15:26:48.0343 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
15:26:48.0343 0836 McNaiAnn - ok
15:26:48.0500 0836 [ 3A01047FFF666D33EBDE3513D20DA1F5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
15:26:48.0500 0836 McODS - ok
15:26:48.0515 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
15:26:48.0515 0836 mcpltsvc - ok
15:26:48.0515 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
15:26:48.0531 0836 McProxy - ok
15:26:48.0609 0836 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
15:26:48.0781 0836 McrdSvc - ok
15:26:48.0875 0836 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:26:48.0875 0836 MDM - ok
15:26:48.0890 0836 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:26:49.0031 0836 mdmxsdk - ok
15:26:49.0078 0836 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:26:49.0203 0836 Messenger - ok
15:26:49.0234 0836 [ 75A2B9F70B77AA3DB15E96BDAAE484A2 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
15:26:49.0234 0836 mfeapfk - ok
15:26:49.0265 0836 [ 070850EFFC731B4A22FB7DDEAD41B943 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
15:26:49.0265 0836 mfeavfk - ok
15:26:49.0265 0836 [ FC28E41FE9D4F3283FB41717C0BF0109 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
15:26:49.0265 0836 mfebopk - ok
15:26:49.0343 0836 [ A507872B611576AF33BCF473231391F9 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
15:26:49.0343 0836 mfecore - ok
15:26:49.0421 0836 [ 7A9F90099CBF6FA6D4011E10F36EF0C7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:26:49.0421 0836 mfefire - ok
15:26:49.0437 0836 [ 768AA2C44C589EA27E80E4EC05BD5F76 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
15:26:49.0437 0836 mfefirek - ok
15:26:49.0468 0836 [ 24E6ABD47FD50FC187FFC3583A14F339 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
15:26:49.0484 0836 mfehidk - ok
15:26:49.0500 0836 [ 286C46ADBF17272A479C91116FA50524 ] mfencbdc C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
15:26:49.0500 0836 mfencbdc - ok
15:26:49.0531 0836 [ 0C9EA2919A7EB871FF9BAFB3A11C145E ] mfencrk C:\WINDOWS\system32\DRIVERS\mfencrk.sys
15:26:49.0531 0836 mfencrk - ok
15:26:49.0531 0836 [ B475C9545475B44EA23CE22119149440 ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
15:26:49.0546 0836 mfendisk - ok
15:26:49.0593 0836 [ B475C9545475B44EA23CE22119149440 ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
15:26:49.0593 0836 mfendiskmp - ok
15:26:49.0640 0836 [ E487B1ABF6B4E17AEE023022FA927841 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
15:26:49.0640 0836 mfetdi2k - ok
15:26:49.0656 0836 [ A1262E7DC2394EA04AB97D48752F7332 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
15:26:49.0656 0836 mfevtp - ok
15:26:49.0687 0836 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
15:26:49.0828 0836 MHN - ok
15:26:49.0906 0836 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:26:50.0171 0836 MHNDRV - ok
15:26:50.0203 0836 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:26:50.0250 0836 mnmdd - ok
15:26:50.0281 0836 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:26:50.0359 0836 mnmsrvc - ok
15:26:50.0390 0836 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:26:50.0546 0836 Modem - ok
15:26:50.0593 0836 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:26:50.0781 0836 MODEMCSA - ok
15:26:50.0796 0836 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:26:50.0843 0836 Mouclass - ok
15:26:50.0890 0836 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:26:50.0968 0836 mouhid - ok
15:26:51.0015 0836 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:26:51.0062 0836 MountMgr - ok
15:26:51.0109 0836 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:26:51.0171 0836 MozillaMaintenance - ok
15:26:51.0218 0836 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:26:51.0375 0836 mraid35x - ok
15:26:51.0406 0836 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:26:51.0484 0836 MRxDAV - ok
15:26:51.0500 0836 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:26:51.0843 0836 MRxSmb - ok
15:26:51.0859 0836 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:26:51.0921 0836 MSDTC - ok
15:26:51.0968 0836 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:26:52.0000 0836 Msfs - ok
15:26:52.0015 0836 MSIServer - ok
15:26:52.0031 0836 [ 5007E21208DA68F60EBF43352BDFE6D0 ] MSK80Service C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
15:26:52.0031 0836 MSK80Service - ok
15:26:52.0062 0836 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:26:52.0203 0836 MSKSSRV - ok
15:26:52.0218 0836 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:26:52.0375 0836 MSPCLOCK - ok
15:26:52.0390 0836 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:26:52.0531 0836 MSPQM - ok
15:26:52.0546 0836 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:26:52.0734 0836 mssmbios - ok
15:26:52.0750 0836 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:26:52.0906 0836 Mup - ok
15:26:52.0937 0836 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:26:53.0093 0836 napagent - ok
15:26:53.0109 0836 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:26:53.0187 0836 NDIS - ok
15:26:53.0234 0836 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:26:53.0375 0836 NdisTapi - ok
15:26:53.0390 0836 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:26:53.0437 0836 Ndisuio - ok
15:26:53.0453 0836 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:26:53.0500 0836 NdisWan - ok
15:26:53.0515 0836 [ 2F597BB467E05B1FE3830EABD821B8E0 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:26:53.0687 0836 NDProxy - ok
15:26:53.0687 0836 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:26:53.0859 0836 NetBIOS - ok
15:26:53.0890 0836 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:26:54.0062 0836 NetBT - ok
15:26:54.0093 0836 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:26:54.0171 0836 NetDDE - ok
15:26:54.0171 0836 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:26:54.0171 0836 NetDDEdsdm - ok
15:26:54.0203 0836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:26:54.0250 0836 Netlogon - ok
15:26:54.0265 0836 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:26:54.0406 0836 Netman - ok
15:26:54.0500 0836 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
15:26:54.0718 0836 NetSvc - ok
15:26:54.0765 0836 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:26:54.0812 0836 NetTcpPortSharing - ok
15:26:54.0843 0836 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:26:54.0843 0836 Nla - ok
15:26:54.0875 0836 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:26:55.0031 0836 Npfs - ok
15:26:55.0046 0836 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:26:55.0265 0836 Ntfs - ok
15:26:55.0281 0836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:26:55.0281 0836 NtLmSsp - ok
15:26:55.0328 0836 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:26:55.0484 0836 NtmsSvc - ok
15:26:55.0515 0836 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:26:55.0562 0836 Null - ok
15:26:55.0625 0836 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:26:55.0750 0836 nv - ok
15:26:55.0781 0836 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:26:55.0828 0836 NwlnkFlt - ok
15:26:55.0859 0836 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:26:56.0015 0836 NwlnkFwd - ok
15:26:56.0031 0836 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:56.0093 0836 ose - ok
15:26:56.0125 0836 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:26:56.0312 0836 Parport - ok
15:26:56.0328 0836 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:26:56.0484 0836 PartMgr - ok
15:26:56.0531 0836 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:26:56.0593 0836 ParVdm - ok
15:26:56.0609 0836 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:26:56.0765 0836 PCI - ok
15:26:56.0765 0836 PCIDump - ok
15:26:56.0781 0836 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:26:56.0828 0836 PCIIde - ok
15:26:56.0843 0836 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:26:57.0000 0836 Pcmcia - ok
15:26:57.0031 0836 [ C3224A794B4FE2F6D0D5434A9FCAD26D ] Pcouffin C:\WINDOWS\system32\Drivers\Pcouffin.sys
15:26:57.0203 0836 Pcouffin - ok
15:26:57.0218 0836 PDCOMP - ok
15:26:57.0218 0836 PDFRAME - ok
15:26:57.0234 0836 PDRELI - ok
15:26:57.0234 0836 PDRFRAME - ok
15:26:57.0265 0836 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
15:26:57.0437 0836 perc2 - ok
15:26:57.0453 0836 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:26:57.0500 0836 perc2hib - ok
15:26:57.0656 0836 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE
15:26:59.0015 0836 PEVSystemStart - ok
15:26:59.0046 0836 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:26:59.0046 0836 PlugPlay - ok
15:26:59.0062 0836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:26:59.0062 0836 PolicyAgent - ok
15:26:59.0093 0836 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:26:59.0140 0836 PptpMiniport - ok
15:26:59.0156 0836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:26:59.0156 0836 ProtectedStorage - ok
15:26:59.0171 0836 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:26:59.0328 0836 PSched - ok
15:26:59.0343 0836 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:26:59.0390 0836 Ptilink - ok
15:26:59.0421 0836 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:26:59.0468 0836 ql1080 - ok
15:26:59.0484 0836 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:26:59.0531 0836 Ql10wnt - ok
15:26:59.0562 0836 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:26:59.0625 0836 ql12160 - ok
15:26:59.0640 0836 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:26:59.0671 0836 ql1240 - ok
15:26:59.0687 0836 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:26:59.0734 0836 ql1280 - ok
15:26:59.0765 0836 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:26:59.0812 0836 RasAcd - ok
15:26:59.0843 0836 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:26:59.0984 0836 RasAuto - ok
15:27:00.0015 0836 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:27:00.0171 0836 Rasl2tp - ok
15:27:00.0187 0836 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:27:00.0343 0836 RasMan - ok
15:27:00.0343 0836 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:27:00.0390 0836 RasPppoe - ok
15:27:00.0390 0836 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:27:00.0437 0836 Raspti - ok
15:27:00.0453 0836 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:27:00.0546 0836 Rdbss - ok
15:27:00.0546 0836 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:27:00.0703 0836 RDPCDD - ok
15:27:00.0734 0836 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:27:00.0812 0836 rdpdr - ok
15:27:00.0859 0836 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:27:01.0156 0836 RDPWD - ok
15:27:01.0171 0836 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:27:01.0343 0836 RDSessMgr - ok
15:27:01.0375 0836 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:27:01.0640 0836 redbook - ok
15:27:01.0656 0836 [ 69AA6AF470BA8D8CE13FA45DE0D49C1C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
15:27:01.0937 0836 RegFilter - ok
15:27:01.0953 0836 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:27:02.0000 0836 RemoteAccess - ok
15:27:02.0015 0836 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:27:02.0156 0836 RemoteRegistry - ok
15:27:02.0156 0836 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:27:02.0328 0836 RpcLocator - ok
15:27:02.0359 0836 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:27:02.0359 0836 RpcSs - ok
15:27:02.0390 0836 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:27:02.0578 0836 RSVP - ok
15:27:02.0593 0836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:27:02.0593 0836 SamSs - ok
15:27:02.0609 0836 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:27:02.0671 0836 SCardSvr - ok
15:27:02.0687 0836 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:27:02.0828 0836 Schedule - ok
15:27:02.0859 0836 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:27:02.0890 0836 Secdrv - ok
15:27:02.0921 0836 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:27:03.0062 0836 seclogon - ok
15:27:03.0140 0836 [ CA9C2939BDFC5B77D73E3B07C8805C59 ] SecureUpdateSvc C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
15:27:03.0359 0836 SecureUpdateSvc - ok
15:27:03.0375 0836 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:27:03.0515 0836 SENS - ok
15:27:03.0578 0836 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:27:03.0640 0836 serenum - ok
15:27:03.0640 0836 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:27:03.0796 0836 Serial - ok
15:27:03.0828 0836 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:27:03.0875 0836 Sfloppy - ok
15:27:03.0937 0836 [ C950D0381B42A54541CD55ADCCF3D75B ] SgtSch2Svc C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
15:27:04.0187 0836 SgtSch2Svc - ok
15:27:04.0218 0836 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:27:04.0390 0836 SharedAccess - ok
15:27:04.0406 0836 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:27:04.0406 0836 ShellHWDetection - ok
15:27:04.0421 0836 Simbad - ok
15:27:04.0468 0836 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:27:04.0515 0836 sisagp - ok
15:27:04.0546 0836 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
15:27:04.0734 0836 snapman - ok
15:27:04.0765 0836 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:27:04.0812 0836 Sparrow - ok
15:27:04.0843 0836 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:27:04.0890 0836 splitter - ok
15:27:04.0921 0836 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:27:05.0078 0836 Spooler - ok
15:27:05.0093 0836 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:27:05.0250 0836 sr - ok
15:27:05.0265 0836 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:27:05.0406 0836 srservice - ok
15:27:05.0437 0836 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:05.0656 0836 Srv - ok
15:27:05.0671 0836 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:27:05.0812 0836 SSDPSRV - ok
15:27:05.0859 0836 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
15:27:06.0109 0836 STHDA - ok
15:27:06.0156 0836 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
15:27:06.0312 0836 StillCam - ok
15:27:06.0328 0836 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:27:06.0468 0836 stisvc - ok
15:27:06.0515 0836 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:27:06.0656 0836 swenum - ok
15:27:06.0687 0836 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:27:06.0843 0836 swmidi - ok
15:27:06.0843 0836 SwPrv - ok
15:27:06.0875 0836 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
15:27:07.0046 0836 symc810 - ok
15:27:07.0062 0836 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:27:07.0218 0836 symc8xx - ok
15:27:07.0234 0836 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:27:07.0281 0836 sym_hi - ok
15:27:07.0281 0836 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:27:07.0437 0836 sym_u3 - ok
15:27:07.0468 0836 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:27:07.0515 0836 sysaudio - ok
15:27:07.0546 0836 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:27:07.0703 0836 SysmonLog - ok
15:27:07.0734 0836 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:27:07.0890 0836 TapiSrv - ok
15:27:07.0921 0836 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:27:08.0015 0836 Tcpip - ok
15:27:08.0046 0836 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:27:08.0203 0836 TDPIPE - ok
15:27:08.0218 0836 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:27:08.0359 0836 TDTCP - ok
15:27:08.0390 0836 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:27:08.0531 0836 TermDD - ok
15:27:08.0562 0836 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:27:08.0718 0836 TermService - ok
15:27:08.0750 0836 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:27:08.0750 0836 Themes - ok
15:27:08.0796 0836 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
15:27:09.0000 0836 timounter - ok
15:27:09.0046 0836 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:27:09.0109 0836 TlntSvr - ok
15:27:09.0140 0836 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
15:27:09.0187 0836 tmcomm - ok
15:27:09.0218 0836 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
15:27:09.0265 0836 TosIde - ok
15:27:09.0296 0836 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:27:09.0437 0836 TrkWks - ok
15:27:09.0484 0836 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:27:09.0656 0836 Udfs - ok
15:27:09.0687 0836 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
15:27:09.0843 0836 ultra - ok
15:27:09.0875 0836 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:27:10.0046 0836 Update - ok
15:27:10.0078 0836 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:27:10.0218 0836 upnphost - ok
15:27:10.0250 0836 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:27:10.0421 0836 UPS - ok
15:27:10.0437 0836 [ B1C51A3CB466C0C4AFA54F0FA199F6B8 ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
15:27:10.0734 0836 UrlFilter - ok
15:27:10.0765 0836 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
15:27:11.0015 0836 USBAAPL - ok
15:27:11.0046 0836 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:27:11.0218 0836 usbccgp - ok
15:27:11.0218 0836 usbcm - ok
15:27:11.0234 0836 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:27:11.0515 0836 usbehci - ok
15:27:11.0578 0836 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:27:11.0734 0836 usbhub - ok
15:27:11.0765 0836 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:27:11.0796 0836 usbprint - ok
15:27:11.0812 0836 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:27:11.0984 0836 usbscan - ok
15:27:12.0000 0836 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:12.0031 0836 USBSTOR - ok
15:27:12.0046 0836 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:27:12.0203 0836 usbuhci - ok
15:27:12.0203 0836 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:27:12.0375 0836 VgaSave - ok
15:27:12.0390 0836 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:27:12.0546 0836 viaagp - ok
15:27:12.0578 0836 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:27:12.0718 0836 ViaIde - ok
15:27:12.0765 0836 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
15:27:12.0953 0836 vididr - ok
15:27:12.0968 0836 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\WINDOWS\system32\DRIVERS\vsflt53.sys
15:27:13.0156 0836 vidsflt53 - ok
15:27:13.0156 0836 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:27:13.0328 0836 VolSnap - ok
15:27:13.0359 0836 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:27:13.0546 0836 VSS - ok
15:27:13.0578 0836 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
15:27:13.0718 0836 w32time - ok
15:27:13.0765 0836 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:13.0828 0836 Wanarp - ok
15:27:13.0828 0836 wanatw - ok
15:27:13.0875 0836 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:27:14.0125 0836 WDC_SAM - ok
15:27:14.0125 0836 WDICA - ok
15:27:14.0156 0836 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:14.0328 0836 wdmaud - ok
15:27:14.0328 0836 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:27:14.0468 0836 WebClient - ok
15:27:14.0531 0836 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:27:14.0609 0836 winachsf - ok
15:27:14.0687 0836 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
15:27:14.0687 0836 WinDefend - ok
15:27:14.0750 0836 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:27:14.0796 0836 winmgmt - ok
15:27:14.0859 0836 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
15:27:15.0046 0836 WinRM - ok
15:27:15.0125 0836 [ BC3ECBCB40147BDAE3AD2FD0B4B346D8 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
15:27:15.0265 0836 WmBEnum - ok
15:27:15.0296 0836 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:27:15.0421 0836 WmdmPmSN - ok
15:27:15.0468 0836 [ 19F9881D8B3484FEDB605D0216876898 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
15:27:15.0609 0836 WmFilter - ok
15:27:15.0640 0836 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:27:15.0656 0836 Wmi - ok
15:27:15.0687 0836 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:27:15.0750 0836 WmiApSrv - ok
15:27:15.0812 0836 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:27:15.0890 0836 WMPNetworkSvc - ok
15:27:15.0921 0836 [ 7A51545A6409A25EEDBDBD97D019E8CC ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
15:27:16.0046 0836 WmVirHid - ok
15:27:16.0078 0836 [ 1F083B3BC73017E60C3CA85CF4A70753 ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
15:27:16.0218 0836 WmXlCore - ok
15:27:16.0250 0836 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
15:27:16.0515 0836 WpdUsb - ok
15:27:16.0609 0836 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:27:16.0656 0836 WS2IFSL - ok
15:27:16.0687 0836 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:27:16.0828 0836 wscsvc - ok
15:27:16.0843 0836 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:27:17.0015 0836 wuauserv - ok
15:27:17.0031 0836 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:27:17.0093 0836 WudfPf - ok
15:27:17.0109 0836 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:27:17.0171 0836 WudfRd - ok
15:27:17.0187 0836 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:27:17.0250 0836 WudfSvc - ok
15:27:17.0281 0836 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:27:17.0437 0836 WZCSVC - ok
15:27:17.0468 0836 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:27:17.0671 0836 xmlprov - ok
15:27:17.0671 0836 ================ Scan global ===============================
15:27:17.0718 0836 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:27:17.0875 0836 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:27:18.0031 0836 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:27:18.0062 0836 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:27:18.0062 0836 [Global] - ok
15:27:18.0062 0836 ================ Scan MBR ==================================
15:27:18.0078 0836 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
15:27:18.0234 0836 \Device\Harddisk0\DR0 - ok
15:27:18.0234 0836 ================ Scan VBR ==================================
15:27:18.0234 0836 [ 23FB66AC9808F7118DDB9CE83F1BE91B ] \Device\Harddisk0\DR0\Partition1
15:27:18.0234 0836 \Device\Harddisk0\DR0\Partition1 - ok
15:27:18.0234 0836 ============================================================
15:27:18.0234 0836 Scan finished
15:27:18.0234 0836 ============================================================
15:27:18.0250 4844 Detected object count: 1
15:27:18.0250 4844 Actual detected object count: 1
15:28:07.0703 4844 C:\WINDOWS\system32\drivers\geyekrwdaulytl.sys - will be deleted on reboot
15:28:07.0703 4844 C:\WINDOWS\system32\geyekrxyunkoqc.dll - will be deleted on reboot
15:28:07.0703 4844 C:\WINDOWS\system32\geyekrdwivjaxl.dat - will be deleted on reboot
15:28:07.0703 4844 C:\WINDOWS\system32\geyekrtqktotxl.dll - will be deleted on reboot
15:28:07.0703 4844 C:\WINDOWS\system32\geyekriosfoonb.dat - will be deleted on reboot
15:28:07.0703 4844 HKLM\SYSTEM\ControlSet001\services\geyekrjacvpwrp - will be deleted on reboot
15:28:07.0703 4844 HKLM\SYSTEM\ControlSet002\services\geyekrjacvpwrp - will be deleted on reboot
15:28:07.0734 4844 C:\WINDOWS\system32\drivers\geyekrwdaulytl.sys - will be deleted on reboot
15:28:07.0734 4844 geyekrjacvpwrp ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
15:28:30.0515 3788 Deinitialize success
Go ahead and run TDSSKiller again, this time update it and select Cure if anything is found, then post the log please.
The files TDSSKiller found were part of a rootkit.
Kman1566
2014-01-27, 23:28
When I open TDSSKiller it prompts me to update... when selected, it opens a new window in Internet Explorer but no page opens, it just remains blank with nothing happening.....?
OK, then just run it again without updating
Kman1566
2014-01-27, 23:33
Found 0 threats
16:30:22.0736 2768 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:30:24.0736 2768 ============================================================
16:30:24.0736 2768 Current date / time: 2014/01/27 16:30:24.0736
16:30:24.0736 2768 SystemInfo:
16:30:24.0736 2768
16:30:24.0736 2768 OS Version: 5.1.2600 ServicePack: 3.0
16:30:24.0736 2768 Product type: Workstation
16:30:24.0736 2768 ComputerName: TOYBOX
16:30:24.0736 2768 UserName: Kevin
16:30:24.0736 2768 Windows directory: C:\WINDOWS
16:30:24.0736 2768 System windows directory: C:\WINDOWS
16:30:24.0736 2768 Processor architecture: Intel x86
16:30:24.0736 2768 Number of processors: 2
16:30:24.0736 2768 Page size: 0x1000
16:30:24.0736 2768 Boot type: Normal boot
16:30:24.0736 2768 ============================================================
16:30:24.0892 2768 BG loaded
16:30:25.0204 2768 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:30:25.0220 2768 ============================================================
16:30:25.0220 2768 \Device\Harddisk0\DR0:
16:30:25.0220 2768 MBR partitions:
16:30:25.0220 2768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33800, BlocksNum 0x390BC800
16:30:25.0220 2768 ============================================================
16:30:25.0251 2768 C: <-> \Device\Harddisk0\DR0\Partition1
16:30:25.0251 2768 ============================================================
16:30:25.0251 2768 Initialize success
16:30:25.0251 2768 ============================================================
16:31:53.0652 4272 ============================================================
16:31:53.0652 4272 Scan started
16:31:53.0652 4272 Mode: Manual;
16:31:53.0652 4272 ============================================================
16:31:53.0792 4272 ================ Scan system memory ========================
16:31:53.0808 4272 System memory - ok
16:31:53.0808 4272 ================ Scan services =============================
16:31:54.0449 4272 Abiosdsk - ok
16:31:54.0480 4272 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:31:54.0480 4272 abp480n5 - ok
16:31:54.0620 4272 ACDaemon - ok
16:31:54.0652 4272 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:31:54.0652 4272 ACPI - ok
16:31:54.0667 4272 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:31:54.0683 4272 ACPIEC - ok
16:31:54.0730 4272 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:31:54.0730 4272 AdobeFlashPlayerUpdateSvc - ok
16:31:54.0745 4272 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:31:54.0761 4272 adpu160m - ok
16:31:54.0917 4272 [ F5456293D2604BCE2BEC07FC6186A341 ] AdvancedSystemCareService7 C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe
16:31:54.0933 4272 AdvancedSystemCareService7 - ok
16:31:54.0949 4272 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:31:54.0949 4272 aec - ok
16:31:54.0995 4272 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:31:54.0995 4272 AFD - ok
16:31:55.0027 4272 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:31:55.0027 4272 agp440 - ok
16:31:55.0042 4272 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:31:55.0058 4272 agpCPQ - ok
16:31:55.0074 4272 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:31:55.0074 4272 Aha154x - ok
16:31:55.0089 4272 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:31:55.0089 4272 aic78u2 - ok
16:31:55.0105 4272 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:31:55.0105 4272 aic78xx - ok
16:31:55.0136 4272 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:31:55.0136 4272 Alerter - ok
16:31:55.0167 4272 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:31:55.0167 4272 ALG - ok
16:31:55.0167 4272 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
16:31:55.0167 4272 AliIde - ok
16:31:55.0199 4272 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:31:55.0199 4272 alim1541 - ok
16:31:55.0230 4272 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:31:55.0230 4272 amdagp - ok
16:31:55.0245 4272 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
16:31:55.0245 4272 amsint - ok
16:31:55.0292 4272 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
16:31:55.0308 4272 APC UPS Service - ok
16:31:55.0355 4272 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:31:55.0355 4272 Apple Mobile Device - ok
16:31:55.0386 4272 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:31:55.0386 4272 AppMgmt - ok
16:31:55.0417 4272 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
16:31:55.0417 4272 asc - ok
16:31:55.0433 4272 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:31:55.0433 4272 asc3350p - ok
16:31:55.0433 4272 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:31:55.0448 4272 asc3550 - ok
16:31:55.0495 4272 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
16:31:55.0495 4272 Aspi32 - ok
16:31:55.0589 4272 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:31:55.0605 4272 aspnet_state - ok
16:31:55.0636 4272 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:31:55.0636 4272 AsyncMac - ok
16:31:55.0652 4272 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:31:55.0652 4272 atapi - ok
16:31:55.0652 4272 Atdisk - ok
16:31:55.0667 4272 [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:31:55.0683 4272 Ati HotKey Poller - ok
16:31:55.0745 4272 [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:31:55.0761 4272 ati2mtag - ok
16:31:55.0808 4272 [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:31:55.0808 4272 atksgt - ok
16:31:55.0839 4272 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:31:55.0855 4272 Atmarpc - ok
16:31:55.0902 4272 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:31:55.0902 4272 AudioSrv - ok
16:31:55.0917 4272 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:31:55.0917 4272 audstub - ok
16:31:55.0933 4272 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:31:55.0933 4272 Beep - ok
16:31:55.0964 4272 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:31:56.0011 4272 BITS - ok
16:31:56.0042 4272 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:31:56.0058 4272 Bonjour Service - ok
16:31:56.0105 4272 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:31:56.0105 4272 Browser - ok
16:31:56.0120 4272 bvrp_pci - ok
16:31:56.0167 4272 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:31:56.0167 4272 cbidf - ok
16:31:56.0167 4272 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:31:56.0167 4272 cbidf2k - ok
16:31:56.0183 4272 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:31:56.0183 4272 cd20xrnt - ok
16:31:56.0214 4272 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:31:56.0214 4272 Cdaudio - ok
16:31:56.0261 4272 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:31:56.0261 4272 Cdfs - ok
16:31:56.0308 4272 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:31:56.0308 4272 Cdrom - ok
16:31:56.0339 4272 [ D787C026F15BD8F762AB5829428FAA9C ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
16:31:56.0339 4272 cfwids - ok
16:31:56.0355 4272 Changer - ok
16:31:56.0386 4272 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:31:56.0386 4272 CiSvc - ok
16:31:56.0402 4272 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:31:56.0417 4272 ClipSrv - ok
16:31:56.0448 4272 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:56.0448 4272 clr_optimization_v2.0.50727_32 - ok
16:31:56.0480 4272 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:31:56.0480 4272 CmdIde - ok
16:31:56.0495 4272 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:31:56.0495 4272 Compbatt - ok
16:31:56.0511 4272 COMSysApp - ok
16:31:56.0558 4272 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:31:56.0558 4272 Cpqarray - ok
16:31:56.0573 4272 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:31:56.0589 4272 CryptSvc - ok
16:31:56.0620 4272 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:31:56.0636 4272 dac2w2k - ok
16:31:56.0652 4272 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:31:56.0652 4272 dac960nt - ok
16:31:56.0698 4272 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:31:56.0698 4272 DcomLaunch - ok
16:31:56.0714 4272 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:31:56.0714 4272 Dhcp - ok
16:31:56.0730 4272 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:31:56.0730 4272 Disk - ok
16:31:56.0792 4272 [ D8D58A84F3ECE3359DF95FD2E459B330 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:31:56.0792 4272 DLABOIOM - ok
16:31:56.0792 4272 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:31:56.0808 4272 DLACDBHM - ok
16:31:56.0808 4272 [ 27C78078BD9C4F2DE2AD3EB04BFE101B ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
16:31:56.0808 4272 DLADResN - ok
16:31:56.0823 4272 [ 7F2D93E560B763EF5D11422D78DA8ED0 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:31:56.0823 4272 DLAIFS_M - ok
16:31:56.0823 4272 [ F643637DE6AAC57E38D197AA63D9EA74 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:31:56.0839 4272 DLAOPIOM - ok
16:31:56.0839 4272 [ 340705474807F57A46D59D18FC2959F1 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:31:56.0839 4272 DLAPoolM - ok
16:31:56.0855 4272 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
16:31:56.0855 4272 DLARTL_N - ok
16:31:56.0855 4272 [ 6984EA763907C045CE813468882BC587 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:31:56.0855 4272 DLAUDFAM - ok
16:31:56.0870 4272 [ 12B30C449CFD36ADBED53EB6560933C6 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:31:56.0870 4272 DLAUDF_M - ok
16:31:56.0870 4272 dlcd_device - ok
16:31:56.0886 4272 dmadmin - ok
16:31:56.0917 4272 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:31:56.0933 4272 dmboot - ok
16:31:56.0933 4272 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:31:56.0933 4272 dmio - ok
16:31:56.0948 4272 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:31:56.0948 4272 dmload - ok
16:31:56.0980 4272 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:31:56.0995 4272 dmserver - ok
16:31:56.0995 4272 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:31:56.0995 4272 DMusic - ok
16:31:57.0058 4272 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:31:57.0058 4272 Dnscache - ok
16:31:57.0089 4272 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:31:57.0089 4272 Dot3svc - ok
16:31:57.0105 4272 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:31:57.0105 4272 dpti2o - ok
16:31:57.0136 4272 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:31:57.0136 4272 drmkaud - ok
16:31:57.0152 4272 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:31:57.0152 4272 DRVMCDB - ok
16:31:57.0167 4272 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:31:57.0167 4272 DRVNDDM - ok
16:31:57.0214 4272 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
16:31:57.0214 4272 DSBrokerService - ok
16:31:57.0245 4272 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
16:31:57.0245 4272 DSproct - ok
16:31:57.0292 4272 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
16:31:57.0292 4272 dsunidrv - ok
16:31:57.0323 4272 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:31:57.0323 4272 E100B - ok
16:31:57.0355 4272 [ D334D3052BDD61F8A5F0A59D31466BAC ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:31:57.0355 4272 e1express - ok
16:31:57.0401 4272 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:31:57.0401 4272 EapHost - ok
16:31:57.0448 4272 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
16:31:57.0464 4272 ehRecvr - ok
16:31:57.0464 4272 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
16:31:57.0464 4272 ehSched - ok
16:31:57.0511 4272 [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
16:31:57.0511 4272 ELacpi - ok
16:31:57.0526 4272 [ AE65C02444907966378454138B9F99F0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys
16:31:57.0542 4272 ELhid - ok
16:31:57.0542 4272 [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys
16:31:57.0542 4272 ELkbd - ok
16:31:57.0542 4272 [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys
16:31:57.0558 4272 ELmon - ok
16:31:57.0558 4272 [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys
16:31:57.0558 4272 ELmou - ok
16:31:57.0605 4272 [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
16:31:57.0605 4272 ELService - ok
16:31:57.0636 4272 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:31:57.0636 4272 ERSvc - ok
16:31:57.0683 4272 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:31:57.0698 4272 Eventlog - ok
16:31:57.0714 4272 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll
16:31:57.0714 4272 EventSystem - ok
16:31:57.0761 4272 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:31:57.0761 4272 Fastfat - ok
16:31:57.0808 4272 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:31:57.0823 4272 FastUserSwitchingCompatibility - ok
16:31:57.0839 4272 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:31:57.0855 4272 Fdc - ok
16:31:57.0980 4272 [ 9840396B26E424046AD335C98B3F16C3 ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
16:31:57.0995 4272 FileMonitor - ok
16:31:58.0026 4272 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:31:58.0042 4272 Fips - ok
16:31:58.0058 4272 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:31:58.0058 4272 Flpydisk - ok
16:31:58.0089 4272 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:31:58.0089 4272 FltMgr - ok
16:31:58.0167 4272 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:31:58.0167 4272 FontCache3.0.0.0 - ok
16:31:58.0183 4272 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:31:58.0183 4272 Fs_Rec - ok
16:31:58.0214 4272 [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
16:31:58.0230 4272 FTDIBUS - ok
16:31:58.0245 4272 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:31:58.0245 4272 Ftdisk - ok
16:31:58.0292 4272 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:31:58.0292 4272 Gpc - ok
16:31:58.0308 4272 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:31:58.0308 4272 HDAudBus - ok
16:31:58.0370 4272 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:31:58.0370 4272 helpsvc - ok
16:31:58.0401 4272 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
16:31:58.0401 4272 HidBatt - ok
16:31:58.0433 4272 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:31:58.0433 4272 HidServ - ok
16:31:58.0448 4272 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:31:58.0448 4272 HidUsb - ok
16:31:58.0511 4272 [ 156765F692192EA9039A6C4A809312FD ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys
16:31:58.0511 4272 HipShieldK - ok
16:31:58.0542 4272 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:31:58.0558 4272 hkmsvc - ok
16:31:58.0667 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
16:31:58.0667 4272 HomeNetSvc - ok
16:31:58.0683 4272 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
16:31:58.0698 4272 hpn - ok
16:31:58.0730 4272 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:31:58.0730 4272 HSFHWBS2 - ok
16:31:58.0745 4272 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:31:58.0761 4272 HSF_DP - ok
16:31:58.0808 4272 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:31:58.0808 4272 HTTP - ok
16:31:58.0855 4272 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:31:58.0855 4272 HTTPFilter - ok
16:31:58.0870 4272 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
16:31:58.0886 4272 i2omgmt - ok
16:31:58.0901 4272 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:31:58.0901 4272 i2omp - ok
16:31:58.0917 4272 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:31:58.0917 4272 i8042prt - ok
16:31:58.0964 4272 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
16:31:58.0964 4272 IAANTMon - ok
16:31:58.0995 4272 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
16:31:58.0995 4272 iastor - ok
16:31:59.0073 4272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:31:59.0073 4272 IDriverT - ok
16:31:59.0136 4272 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:31:59.0151 4272 idsvc - ok
16:31:59.0198 4272 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:31:59.0198 4272 Imapi - ok
16:31:59.0245 4272 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:31:59.0245 4272 ImapiService - ok
16:31:59.0276 4272 [ EAEA4B0005869A4ABE6070BD364143B7 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
16:31:59.0276 4272 IMFservice - ok
16:31:59.0308 4272 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:31:59.0308 4272 ini910u - ok
16:31:59.0323 4272 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:31:59.0323 4272 IntelIde - ok
16:31:59.0354 4272 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:31:59.0370 4272 intelppm - ok
16:31:59.0386 4272 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:31:59.0386 4272 Ip6Fw - ok
16:31:59.0417 4272 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:31:59.0417 4272 IpFilterDriver - ok
16:31:59.0433 4272 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:31:59.0433 4272 IpInIp - ok
16:31:59.0464 4272 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:31:59.0464 4272 IpNat - ok
16:31:59.0479 4272 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:31:59.0495 4272 IPSec - ok
16:31:59.0511 4272 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:31:59.0526 4272 IRENUM - ok
16:31:59.0558 4272 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:31:59.0558 4272 isapnp - ok
16:31:59.0589 4272 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
16:31:59.0604 4272 Iviaspi - ok
16:31:59.0651 4272 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
16:31:59.0651 4272 JavaQuickStarterService - ok
16:31:59.0667 4272 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:31:59.0667 4272 Kbdclass - ok
16:31:59.0683 4272 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:31:59.0683 4272 kbdhid - ok
16:31:59.0729 4272 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:31:59.0729 4272 kmixer - ok
16:31:59.0745 4272 KodakCCS - ok
16:31:59.0761 4272 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:31:59.0776 4272 KSecDD - ok
16:31:59.0808 4272 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:31:59.0808 4272 lanmanserver - ok
16:31:59.0839 4272 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:31:59.0854 4272 lanmanworkstation - ok
16:31:59.0854 4272 lbrtfdc - ok
16:31:59.0886 4272 [ AC05A1B5C66D693B1598FD83617D1820 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
16:31:59.0901 4272 LHidUsb - ok
16:31:59.0917 4272 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:31:59.0917 4272 lirsgt - ok
16:31:59.0964 4272 [ 935E2093CEED8198C820B7F60BB63167 ] LiveUpdateSvc C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
16:31:59.0979 4272 LiveUpdateSvc - ok
16:32:00.0026 4272 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:32:00.0026 4272 LmHosts - ok
16:32:00.0104 4272 [ 5467B4D77044E4FF56E8FEB9D2F6FE5A ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
16:32:00.0120 4272 McAPExe - ok
16:32:00.0136 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcbootdelaystartsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0136 4272 mcbootdelaystartsvc - ok
16:32:00.0151 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McMPFSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
16:32:00.0151 4272 McMPFSvc - ok
16:32:00.0151 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0151 4272 McNaiAnn - ok
16:32:00.0214 4272 [ 3A01047FFF666D33EBDE3513D20DA1F5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
16:32:00.0214 4272 McODS - ok
16:32:00.0229 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0229 4272 mcpltsvc - ok
16:32:00.0229 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0229 4272 McProxy - ok
16:32:00.0292 4272 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
16:32:00.0292 4272 McrdSvc - ok
16:32:00.0354 4272 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:32:00.0354 4272 MDM - ok
16:32:00.0370 4272 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:32:00.0370 4272 mdmxsdk - ok
16:32:00.0401 4272 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:32:00.0401 4272 Messenger - ok
16:32:00.0448 4272 [ 75A2B9F70B77AA3DB15E96BDAAE484A2 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
16:32:00.0448 4272 mfeapfk - ok
16:32:00.0464 4272 [ 070850EFFC731B4A22FB7DDEAD41B943 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
16:32:00.0464 4272 mfeavfk - ok
16:32:00.0479 4272 [ FC28E41FE9D4F3283FB41717C0BF0109 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
16:32:00.0495 4272 mfebopk - ok
16:32:00.0542 4272 [ A507872B611576AF33BCF473231391F9 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
16:32:00.0542 4272 mfecore - ok
16:32:00.0589 4272 [ 7A9F90099CBF6FA6D4011E10F36EF0C7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:32:00.0589 4272 mfefire - ok
16:32:00.0604 4272 [ 768AA2C44C589EA27E80E4EC05BD5F76 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
16:32:00.0620 4272 mfefirek - ok
16:32:00.0667 4272 [ 24E6ABD47FD50FC187FFC3583A14F339 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
16:32:00.0683 4272 mfehidk - ok
16:32:00.0698 4272 [ 286C46ADBF17272A479C91116FA50524 ] mfencbdc C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
16:32:00.0714 4272 mfencbdc - ok
16:32:00.0745 4272 [ 0C9EA2919A7EB871FF9BAFB3A11C145E ] mfencrk C:\WINDOWS\system32\DRIVERS\mfencrk.sys
16:32:00.0745 4272 mfencrk - ok
16:32:00.0745 4272 [ B475C9545475B44EA23CE22119149440 ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:32:00.0761 4272 mfendisk - ok
16:32:00.0761 4272 [ B475C9545475B44EA23CE22119149440 ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:32:00.0761 4272 mfendiskmp - ok
16:32:00.0776 4272 [ E487B1ABF6B4E17AEE023022FA927841 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
16:32:00.0776 4272 mfetdi2k - ok
16:32:00.0792 4272 [ A1262E7DC2394EA04AB97D48752F7332 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
16:32:00.0792 4272 mfevtp - ok
16:32:00.0823 4272 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
16:32:00.0823 4272 MHN - ok
16:32:00.0839 4272 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:32:00.0839 4272 MHNDRV - ok
16:32:00.0870 4272 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:32:00.0886 4272 mnmdd - ok
16:32:00.0901 4272 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:32:00.0917 4272 mnmsrvc - ok
16:32:00.0933 4272 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:32:00.0933 4272 Modem - ok
16:32:00.0948 4272 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:32:00.0964 4272 MODEMCSA - ok
16:32:00.0964 4272 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:32:00.0964 4272 Mouclass - ok
16:32:01.0011 4272 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:32:01.0011 4272 mouhid - ok
16:32:01.0026 4272 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:32:01.0026 4272 MountMgr - ok
16:32:01.0058 4272 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:32:01.0058 4272 MozillaMaintenance - ok
16:32:01.0089 4272 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:32:01.0089 4272 mraid35x - ok
16:32:01.0104 4272 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:32:01.0120 4272 MRxDAV - ok
16:32:01.0167 4272 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:32:01.0183 4272 MRxSmb - ok
16:32:01.0214 4272 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:32:01.0214 4272 MSDTC - ok
16:32:07.0057 4272 ================ Scan global ===============================
16:32:07.0088 4272 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:32:07.0104 4272 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:32:07.0151 4272 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:32:07.0166 4272 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:32:07.0166 4272 [Global] - ok
16:32:07.0182 4272 ================ Scan MBR ==================================
16:32:07.0198 4272 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
16:32:07.0354 4272 \Device\Harddisk0\DR0 - ok
16:32:07.0354 4272 ================ Scan VBR ==================================
16:32:07.0354 4272 [ 23FB66AC9808F7118DDB9CE83F1BE91B ] \Device\Harddisk0\DR0\Partition1
16:32:07.0354 4272 \Device\Harddisk0\DR0\Partition1 - ok
16:32:07.0354 4272 ============================================================
16:32:07.0354 4272 Scan finished
16:32:07.0354 4272 ============================================================
16:32:07.0370 5704 Detected object count: 0
16:32:07.0370 5704 Actual detected object count: 0
Kman1566
2014-01-27, 23:39
Found 0 threats
16:30:22.0736 2768 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:30:24.0736 2768 ============================================================
16:30:24.0736 2768 Current date / time: 2014/01/27 16:30:24.0736
16:30:24.0736 2768 SystemInfo:
16:30:24.0736 2768
16:30:24.0736 2768 OS Version: 5.1.2600 ServicePack: 3.0
16:30:24.0736 2768 Product type: Workstation
16:30:24.0736 2768 ComputerName: TOYBOX
16:30:24.0736 2768 UserName: Kevin
16:30:24.0736 2768 Windows directory: C:\WINDOWS
16:30:24.0736 2768 System windows directory: C:\WINDOWS
16:30:24.0736 2768 Processor architecture: Intel x86
16:30:24.0736 2768 Number of processors: 2
16:30:24.0736 2768 Page size: 0x1000
16:30:24.0736 2768 Boot type: Normal boot
16:30:24.0736 2768 ============================================================
16:30:24.0892 2768 BG loaded
16:30:25.0204 2768 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:30:25.0220 2768 ============================================================
16:30:25.0220 2768 \Device\Harddisk0\DR0:
16:30:25.0220 2768 MBR partitions:
16:30:25.0220 2768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33800, BlocksNum 0x390BC800
16:30:25.0220 2768 ============================================================
16:30:25.0251 2768 C: <-> \Device\Harddisk0\DR0\Partition1
16:30:25.0251 2768 ============================================================
16:30:25.0251 2768 Initialize success
16:30:25.0251 2768 ============================================================
16:31:53.0652 4272 ============================================================
16:31:53.0652 4272 Scan started
16:31:53.0652 4272 Mode: Manual;
16:31:53.0652 4272 ============================================================
16:31:53.0792 4272 ================ Scan system memory ========================
16:31:53.0808 4272 System memory - ok
16:31:53.0808 4272 ================ Scan services =============================
16:31:57.0136 4272 drmkaud - ok
16:31:57.0152 4272 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:31:57.0152 4272 DRVMCDB - ok
16:31:57.0167 4272 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:31:57.0167 4272 DRVNDDM - ok
16:31:57.0214 4272 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
16:31:57.0214 4272 DSBrokerService - ok
16:31:57.0245 4272 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
16:31:57.0245 4272 DSproct - ok
16:31:57.0292 4272 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
16:31:57.0292 4272 dsunidrv - ok
16:31:57.0323 4272 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:31:57.0323 4272 E100B - ok
16:31:57.0355 4272 [ D334D3052BDD61F8A5F0A59D31466BAC ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:31:57.0355 4272 e1express - ok
16:31:57.0401 4272 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:31:57.0401 4272 EapHost - ok
16:31:57.0448 4272 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
16:31:57.0464 4272 ehRecvr - ok
16:31:57.0464 4272 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
16:31:57.0464 4272 ehSched - ok
16:31:57.0511 4272 [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
16:31:57.0511 4272 ELacpi - ok
16:31:57.0526 4272 [ AE65C02444907966378454138B9F99F0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys
16:31:57.0542 4272 ELhid - ok
16:31:57.0542 4272 [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys
16:31:57.0542 4272 ELkbd - ok
16:31:57.0542 4272 [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys
16:31:57.0558 4272 ELmon - ok
16:31:57.0558 4272 [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys
16:31:57.0558 4272 ELmou - ok
16:31:57.0605 4272 [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
16:31:57.0605 4272 ELService - ok
16:31:57.0636 4272 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:31:57.0636 4272 ERSvc - ok
16:31:57.0683 4272 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:31:57.0698 4272 Eventlog - ok
16:31:57.0714 4272 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll
16:31:57.0714 4272 EventSystem - ok
16:31:57.0761 4272 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:31:57.0761 4272 Fastfat - ok
16:31:57.0808 4272 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:31:57.0823 4272 FastUserSwitchingCompatibility - ok
16:31:57.0839 4272 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:31:57.0855 4272 Fdc - ok
16:31:57.0980 4272 [ 9840396B26E424046AD335C98B3F16C3 ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
16:31:57.0995 4272 FileMonitor - ok
16:31:58.0026 4272 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:31:58.0042 4272 Fips - ok
16:31:58.0058 4272 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:31:58.0058 4272 Flpydisk - ok
16:31:58.0089 4272 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:31:58.0089 4272 FltMgr - ok
16:31:58.0167 4272 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:31:58.0167 4272 FontCache3.0.0.0 - ok
16:31:58.0183 4272 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:31:58.0183 4272 Fs_Rec - ok
16:31:58.0214 4272 [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
16:31:58.0230 4272 FTDIBUS - ok
16:31:58.0245 4272 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:31:58.0245 4272 Ftdisk - ok
16:31:58.0292 4272 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:31:58.0292 4272 Gpc - ok
16:31:58.0308 4272 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:31:58.0308 4272 HDAudBus - ok
16:31:58.0370 4272 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:31:58.0370 4272 helpsvc - ok
16:31:58.0401 4272 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
16:31:58.0401 4272 HidBatt - ok
16:31:58.0433 4272 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:31:58.0433 4272 HidServ - ok
16:31:58.0448 4272 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:31:58.0448 4272 HidUsb - ok
16:31:58.0511 4272 [ 156765F692192EA9039A6C4A809312FD ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys
16:31:58.0511 4272 HipShieldK - ok
16:31:58.0542 4272 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:31:58.0558 4272 hkmsvc - ok
16:31:58.0667 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
16:31:58.0667 4272 HomeNetSvc - ok
16:31:58.0683 4272 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
16:31:58.0698 4272 hpn - ok
16:31:58.0730 4272 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:31:58.0730 4272 HSFHWBS2 - ok
16:31:58.0745 4272 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:31:58.0761 4272 HSF_DP - ok
16:31:58.0808 4272 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:31:58.0808 4272 HTTP - ok
16:31:58.0855 4272 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:31:58.0855 4272 HTTPFilter - ok
16:31:58.0870 4272 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
16:31:58.0886 4272 i2omgmt - ok
16:31:58.0901 4272 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:31:58.0901 4272 i2omp - ok
16:31:58.0917 4272 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:31:58.0917 4272 i8042prt - ok
16:31:58.0964 4272 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
16:31:58.0964 4272 IAANTMon - ok
16:31:58.0995 4272 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
16:31:58.0995 4272 iastor - ok
16:31:59.0073 4272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:31:59.0073 4272 IDriverT - ok
16:31:59.0136 4272 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:31:59.0151 4272 idsvc - ok
16:31:59.0198 4272 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:31:59.0198 4272 Imapi - ok
16:31:59.0245 4272 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:31:59.0245 4272 ImapiService - ok
16:31:59.0276 4272 [ EAEA4B0005869A4ABE6070BD364143B7 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
16:31:59.0276 4272 IMFservice - ok
16:31:59.0308 4272 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:31:59.0308 4272 ini910u - ok
16:31:59.0323 4272 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:31:59.0323 4272 IntelIde - ok
16:31:59.0354 4272 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:31:59.0370 4272 intelppm - ok
16:31:59.0386 4272 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:31:59.0386 4272 Ip6Fw - ok
16:31:59.0417 4272 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:31:59.0417 4272 IpFilterDriver - ok
16:31:59.0433 4272 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:31:59.0433 4272 IpInIp - ok
16:31:59.0464 4272 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:31:59.0464 4272 IpNat - ok
16:31:59.0479 4272 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:31:59.0495 4272 IPSec - ok
16:31:59.0511 4272 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:31:59.0526 4272 IRENUM - ok
16:31:59.0558 4272 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:31:59.0558 4272 isapnp - ok
16:31:59.0589 4272 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
16:31:59.0604 4272 Iviaspi - ok
16:31:59.0651 4272 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
16:31:59.0651 4272 JavaQuickStarterService - ok
16:31:59.0667 4272 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:31:59.0667 4272 Kbdclass - ok
16:31:59.0683 4272 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:31:59.0683 4272 kbdhid - ok
16:31:59.0729 4272 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:31:59.0729 4272 kmixer - ok
16:31:59.0745 4272 KodakCCS - ok
16:31:59.0761 4272 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:31:59.0776 4272 KSecDD - ok
16:31:59.0808 4272 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:31:59.0808 4272 lanmanserver - ok
16:31:59.0839 4272 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:31:59.0854 4272 lanmanworkstation - ok
16:31:59.0854 4272 lbrtfdc - ok
16:31:59.0886 4272 [ AC05A1B5C66D693B1598FD83617D1820 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
16:31:59.0901 4272 LHidUsb - ok
16:31:59.0917 4272 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:31:59.0917 4272 lirsgt - ok
16:31:59.0964 4272 [ 935E2093CEED8198C820B7F60BB63167 ] LiveUpdateSvc C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
16:31:59.0979 4272 LiveUpdateSvc - ok
16:32:00.0026 4272 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:32:00.0026 4272 LmHosts - ok
16:32:00.0104 4272 [ 5467B4D77044E4FF56E8FEB9D2F6FE5A ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
16:32:00.0120 4272 McAPExe - ok
16:32:00.0136 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcbootdelaystartsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0136 4272 mcbootdelaystartsvc - ok
16:32:00.0151 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McMPFSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
16:32:00.0151 4272 McMPFSvc - ok
16:32:00.0151 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0151 4272 McNaiAnn - ok
16:32:00.0214 4272 [ 3A01047FFF666D33EBDE3513D20DA1F5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
16:32:00.0214 4272 McODS - ok
16:32:00.0229 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0229 4272 mcpltsvc - ok
16:32:00.0229 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:32:00.0229 4272 McProxy - ok
16:32:00.0292 4272 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
16:32:00.0292 4272 McrdSvc - ok
16:32:00.0354 4272 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:32:00.0354 4272 MDM - ok
16:32:00.0370 4272 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:32:00.0370 4272 mdmxsdk - ok
16:32:00.0401 4272 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:32:00.0401 4272 Messenger - ok
16:32:00.0448 4272 [ 75A2B9F70B77AA3DB15E96BDAAE484A2 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
16:32:00.0448 4272 mfeapfk - ok
16:32:00.0464 4272 [ 070850EFFC731B4A22FB7DDEAD41B943 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
16:32:00.0464 4272 mfeavfk - ok
16:32:00.0479 4272 [ FC28E41FE9D4F3283FB41717C0BF0109 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
16:32:00.0495 4272 mfebopk - ok
16:32:00.0542 4272 [ A507872B611576AF33BCF473231391F9 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
16:32:00.0542 4272 mfecore - ok
16:32:00.0589 4272 [ 7A9F90099CBF6FA6D4011E10F36EF0C7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:32:00.0589 4272 mfefire - ok
16:32:00.0604 4272 [ 768AA2C44C589EA27E80E4EC05BD5F76 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
16:32:00.0620 4272 mfefirek - ok
16:32:00.0667 4272 [ 24E6ABD47FD50FC187FFC3583A14F339 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
16:32:00.0683 4272 mfehidk - ok
16:32:00.0698 4272 [ 286C46ADBF17272A479C91116FA50524 ] mfencbdc C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
16:32:00.0714 4272 mfencbdc - ok
16:32:00.0745 4272 [ 0C9EA2919A7EB871FF9BAFB3A11C145E ] mfencrk C:\WINDOWS\system32\DRIVERS\mfencrk.sys
16:32:00.0745 4272 mfencrk - ok
16:32:00.0745 4272 [ B475C9545475B44EA23CE22119149440 ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:32:00.0761 4272 mfendisk - ok
16:32:00.0761 4272 [ B475C9545475B44EA23CE22119149440 ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:32:00.0761 4272 mfendiskmp - ok
16:32:00.0776 4272 [ E487B1ABF6B4E17AEE023022FA927841 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
16:32:00.0776 4272 mfetdi2k - ok
16:32:00.0792 4272 [ A1262E7DC2394EA04AB97D48752F7332 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
16:32:00.0792 4272 mfevtp - ok
16:32:00.0823 4272 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
16:32:00.0823 4272 MHN - ok
16:32:00.0839 4272 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:32:00.0839 4272 MHNDRV - ok
16:32:00.0870 4272 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:32:00.0886 4272 mnmdd - ok
16:32:00.0901 4272 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:32:00.0917 4272 mnmsrvc - ok
16:32:00.0933 4272 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:32:00.0933 4272 Modem - ok
16:32:00.0948 4272 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:32:00.0964 4272 MODEMCSA - ok
16:32:00.0964 4272 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:32:00.0964 4272 Mouclass - ok
16:32:01.0011 4272 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:32:01.0011 4272 mouhid - ok
16:32:01.0026 4272 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:32:01.0026 4272 MountMgr - ok
16:32:01.0058 4272 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:32:01.0058 4272 MozillaMaintenance - ok
16:32:01.0089 4272 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:32:01.0089 4272 mraid35x - ok
16:32:01.0104 4272 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:32:01.0120 4272 MRxDAV - ok
16:32:01.0167 4272 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:32:01.0183 4272 MRxSmb - ok
16:32:01.0214 4272 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:32:01.0214 4272 MSDTC - ok
16:32:01.0229 4272 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:32:01.0229 4272 Msfs - ok
16:32:01.0229 4272 MSIServer - ok
16:32:01.0276 4272 [ 5007E21208DA68F60EBF43352BDFE6D0 ] MSK80Service C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
16:32:01.0276 4272 MSK80Service - ok
16:32:01.0307 4272 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:32:01.0307 4272 MSKSSRV - ok
16:32:01.0339 4272 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:32:01.0339 4272 MSPCLOCK - ok
16:32:01.0354 4272 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:32:01.0354 4272 MSPQM - ok
16:32:01.0386 4272 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:32:01.0386 4272 mssmbios - ok
16:32:01.0432 4272 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:32:01.0432 4272 Mup - ok
16:32:01.0464 4272 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:32:01.0479 4272 napagent - ok
16:32:01.0479 4272 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:32:01.0479 4272 NDIS - ok
16:32:01.0526 4272 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:32:01.0526 4272 NdisTapi - ok
16:32:01.0542 4272 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:32:01.0542 4272 Ndisuio - ok
16:32:01.0542 4272 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:32:01.0542 4272 NdisWan - ok
16:32:01.0573 4272 [ 2F597BB467E05B1FE3830EABD821B8E0 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:32:01.0573 4272 NDProxy - ok
16:32:01.0573 4272 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:32:01.0589 4272 NetBIOS - ok
16:32:01.0604 4272 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:32:01.0620 4272 NetBT - ok
16:32:01.0636 4272 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:32:01.0651 4272 NetDDE - ok
16:32:01.0651 4272 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:32:01.0651 4272 NetDDEdsdm - ok
16:32:01.0682 4272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:32:01.0682 4272 Netlogon - ok
16:32:01.0698 4272 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:32:01.0698 4272 Netman - ok
16:32:01.0776 4272 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
16:32:01.0792 4272 NetSvc - ok
16:32:01.0807 4272 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:32:01.0823 4272 NetTcpPortSharing - ok
16:32:01.0854 4272 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:32:01.0854 4272 Nla - ok
16:32:01.0870 4272 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:32:01.0886 4272 Npfs - ok
16:32:01.0901 4272 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:32:01.0901 4272 Ntfs - ok
16:32:01.0932 4272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:32:01.0932 4272 NtLmSsp - ok
16:32:01.0964 4272 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:32:01.0964 4272 NtmsSvc - ok
16:32:01.0995 4272 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:32:01.0995 4272 Null - ok
16:32:02.0042 4272 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:32:02.0073 4272 nv - ok
16:32:02.0089 4272 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:32:02.0089 4272 NwlnkFlt - ok
16:32:02.0120 4272 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:32:02.0120 4272 NwlnkFwd - ok
16:32:02.0151 4272 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:32:02.0151 4272 ose - ok
16:32:02.0198 4272 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:32:02.0198 4272 Parport - ok
16:32:02.0229 4272 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:32:02.0229 4272 PartMgr - ok
16:32:02.0276 4272 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:32:02.0276 4272 ParVdm - ok
16:32:02.0276 4272 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:32:02.0292 4272 PCI - ok
16:32:02.0292 4272 PCIDump - ok
16:32:02.0307 4272 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:32:02.0307 4272 PCIIde - ok
16:32:02.0339 4272 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:32:02.0339 4272 Pcmcia - ok
16:32:02.0386 4272 [ C3224A794B4FE2F6D0D5434A9FCAD26D ] Pcouffin C:\WINDOWS\system32\Drivers\Pcouffin.sys
16:32:02.0386 4272 Pcouffin - ok
16:32:02.0386 4272 PDCOMP - ok
16:32:02.0401 4272 PDFRAME - ok
16:32:02.0401 4272 PDRELI - ok
16:32:02.0417 4272 PDRFRAME - ok
16:32:02.0448 4272 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
16:32:02.0448 4272 perc2 - ok
16:32:02.0464 4272 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:32:02.0464 4272 perc2hib - ok
16:32:02.0620 4272 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE
16:32:02.0620 4272 PEVSystemStart - ok
16:32:02.0636 4272 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:32:02.0651 4272 PlugPlay - ok
16:32:02.0651 4272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:32:02.0651 4272 PolicyAgent - ok
16:32:02.0682 4272 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:32:02.0698 4272 PptpMiniport - ok
16:32:02.0698 4272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:32:02.0698 4272 ProtectedStorage - ok
16:32:02.0714 4272 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:32:02.0714 4272 PSched - ok
16:32:02.0745 4272 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:32:02.0745 4272 Ptilink - ok
16:32:02.0776 4272 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:32:02.0792 4272 ql1080 - ok
16:32:02.0807 4272 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:32:02.0823 4272 Ql10wnt - ok
16:32:02.0839 4272 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:32:02.0839 4272 ql12160 - ok
16:32:02.0854 4272 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:32:02.0854 4272 ql1240 - ok
16:32:02.0870 4272 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:32:02.0870 4272 ql1280 - ok
16:32:02.0901 4272 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:32:02.0901 4272 RasAcd - ok
16:32:02.0964 4272 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:32:02.0964 4272 RasAuto - ok
16:32:02.0979 4272 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:32:02.0995 4272 Rasl2tp - ok
16:32:03.0042 4272 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:32:03.0042 4272 RasMan - ok
16:32:03.0042 4272 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:32:03.0057 4272 RasPppoe - ok
16:32:03.0057 4272 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:32:03.0057 4272 Raspti - ok
16:32:03.0073 4272 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:32:03.0073 4272 Rdbss - ok
16:32:03.0089 4272 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:32:03.0089 4272 RDPCDD - ok
16:32:03.0120 4272 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:32:03.0120 4272 rdpdr - ok
16:32:03.0167 4272 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:32:03.0182 4272 RDPWD - ok
16:32:03.0198 4272 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:32:03.0198 4272 RDSessMgr - ok
16:32:03.0245 4272 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:32:03.0245 4272 redbook - ok
16:32:03.0292 4272 [ 69AA6AF470BA8D8CE13FA45DE0D49C1C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
16:32:03.0292 4272 RegFilter - ok
16:32:03.0323 4272 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:32:03.0339 4272 RemoteAccess - ok
16:32:03.0370 4272 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:32:03.0370 4272 RemoteRegistry - ok
16:32:03.0385 4272 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:32:03.0385 4272 RpcLocator - ok
16:32:03.0464 4272 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:32:03.0464 4272 RpcSs - ok
16:32:03.0495 4272 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:32:03.0495 4272 RSVP - ok
16:32:03.0542 4272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:32:03.0542 4272 SamSs - ok
16:32:03.0542 4272 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:32:03.0557 4272 SCardSvr - ok
16:32:03.0589 4272 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:32:03.0589 4272 Schedule - ok
16:32:03.0635 4272 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:32:03.0635 4272 Secdrv - ok
16:32:03.0667 4272 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:32:03.0667 4272 seclogon - ok
16:32:03.0745 4272 [ CA9C2939BDFC5B77D73E3B07C8805C59 ] SecureUpdateSvc C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
16:32:03.0760 4272 SecureUpdateSvc - ok
16:32:03.0776 4272 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:32:03.0776 4272 SENS - ok
16:32:03.0807 4272 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:32:03.0807 4272 serenum - ok
16:32:03.0823 4272 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:32:03.0823 4272 Serial - ok
16:32:03.0854 4272 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:32:03.0854 4272 Sfloppy - ok
16:32:03.0917 4272 [ C950D0381B42A54541CD55ADCCF3D75B ] SgtSch2Svc C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
16:32:03.0917 4272 SgtSch2Svc - ok
16:32:03.0948 4272 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:32:03.0964 4272 SharedAccess - ok
16:32:03.0979 4272 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:32:03.0979 4272 ShellHWDetection - ok
16:32:03.0979 4272 Simbad - ok
16:32:04.0010 4272 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:32:04.0010 4272 sisagp - ok
16:32:04.0057 4272 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
16:32:04.0057 4272 snapman - ok
16:32:04.0089 4272 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:32:04.0104 4272 Sparrow - ok
16:32:04.0120 4272 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:32:04.0120 4272 splitter - ok
16:32:04.0167 4272 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:32:04.0167 4272 Spooler - ok
16:32:04.0167 4272 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:32:04.0182 4272 sr - ok
16:32:04.0198 4272 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:32:04.0198 4272 srservice - ok
16:32:04.0229 4272 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:32:04.0229 4272 Srv - ok
16:32:04.0260 4272 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:32:04.0276 4272 SSDPSRV - ok
16:32:04.0323 4272 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
16:32:04.0339 4272 STHDA - ok
16:32:04.0385 4272 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
16:32:04.0385 4272 StillCam - ok
16:32:04.0432 4272 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:32:04.0432 4272 stisvc - ok
16:32:04.0448 4272 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:32:04.0464 4272 swenum - ok
16:32:04.0479 4272 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:32:04.0479 4272 swmidi - ok
16:32:04.0479 4272 SwPrv - ok
16:32:04.0526 4272 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
16:32:04.0526 4272 symc810 - ok
16:32:04.0542 4272 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:32:04.0542 4272 symc8xx - ok
16:32:04.0557 4272 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:32:04.0573 4272 sym_hi - ok
16:32:04.0573 4272 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:32:04.0589 4272 sym_u3 - ok
16:32:04.0620 4272 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:32:04.0620 4272 sysaudio - ok
16:32:04.0635 4272 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:32:04.0651 4272 SysmonLog - ok
16:32:04.0651 4272 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:32:04.0667 4272 TapiSrv - ok
16:32:04.0698 4272 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:32:04.0714 4272 Tcpip - ok
16:32:04.0760 4272 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:32:04.0760 4272 TDPIPE - ok
16:32:04.0792 4272 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:32:04.0792 4272 TDTCP - ok
16:32:04.0823 4272 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:32:04.0839 4272 TermDD - ok
16:32:04.0854 4272 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:32:04.0854 4272 TermService - ok
16:32:04.0870 4272 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:32:04.0870 4272 Themes - ok
16:32:04.0917 4272 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
16:32:04.0932 4272 timounter - ok
16:32:04.0964 4272 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:32:04.0979 4272 TlntSvr - ok
16:32:05.0010 4272 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
16:32:05.0010 4272 tmcomm - ok
16:32:05.0026 4272 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
16:32:05.0042 4272 TosIde - ok
16:32:05.0073 4272 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:32:05.0089 4272 TrkWks - ok
16:32:05.0104 4272 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:32:05.0104 4272 Udfs - ok
16:32:05.0135 4272 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
16:32:05.0135 4272 ultra - ok
16:32:05.0182 4272 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:32:05.0182 4272 Update - ok
16:32:05.0213 4272 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:32:05.0213 4272 upnphost - ok
16:32:05.0260 4272 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:32:05.0260 4272 UPS - ok
16:32:05.0292 4272 [ B1C51A3CB466C0C4AFA54F0FA199F6B8 ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
16:32:05.0292 4272 UrlFilter - ok
16:32:05.0338 4272 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:32:05.0338 4272 USBAAPL - ok
16:32:05.0370 4272 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:32:05.0385 4272 usbccgp - ok
16:32:05.0401 4272 usbcm - ok
16:32:05.0432 4272 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:32:05.0432 4272 usbehci - ok
16:32:05.0448 4272 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:32:05.0448 4272 usbhub - ok
16:32:05.0463 4272 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:32:05.0463 4272 usbprint - ok
16:32:05.0495 4272 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:32:05.0495 4272 usbscan - ok
16:32:05.0510 4272 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:32:05.0510 4272 USBSTOR - ok
16:32:05.0542 4272 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:32:05.0542 4272 usbuhci - ok
16:32:05.0542 4272 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:32:05.0557 4272 VgaSave - ok
16:32:05.0588 4272 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:32:05.0588 4272 viaagp - ok
16:32:05.0604 4272 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
16:32:05.0604 4272 ViaIde - ok
16:32:05.0651 4272 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
16:32:05.0651 4272 vididr - ok
16:32:05.0682 4272 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\WINDOWS\system32\DRIVERS\vsflt53.sys
16:32:05.0682 4272 vidsflt53 - ok
16:32:05.0698 4272 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:32:05.0698 4272 VolSnap - ok
16:32:05.0729 4272 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:32:05.0745 4272 VSS - ok
16:32:05.0760 4272 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
16:32:05.0776 4272 w32time - ok
16:32:05.0823 4272 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:32:05.0823 4272 Wanarp - ok
16:32:05.0838 4272 wanatw - ok
16:32:05.0870 4272 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
16:32:05.0870 4272 WDC_SAM - ok
16:32:05.0885 4272 WDICA - ok
16:32:05.0901 4272 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:32:05.0901 4272 wdmaud - ok
16:32:05.0917 4272 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:32:05.0932 4272 WebClient - ok
16:32:05.0995 4272 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:32:05.0995 4272 winachsf - ok
16:32:06.0073 4272 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
16:32:06.0073 4272 WinDefend - ok
16:32:06.0135 4272 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:32:06.0151 4272 winmgmt - ok
16:32:06.0213 4272 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:32:06.0229 4272 WinRM - ok
16:32:06.0323 4272 [ BC3ECBCB40147BDAE3AD2FD0B4B346D8 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
16:32:06.0323 4272 WmBEnum - ok
16:32:06.0354 4272 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:32:06.0354 4272 WmdmPmSN - ok
16:32:06.0370 4272 [ 19F9881D8B3484FEDB605D0216876898 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
16:32:06.0370 4272 WmFilter - ok
16:32:06.0417 4272 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:32:06.0417 4272 Wmi - ok
16:32:06.0463 4272 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:32:06.0463 4272 WmiApSrv - ok
16:32:06.0526 4272 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:32:06.0542 4272 WMPNetworkSvc - ok
16:32:06.0557 4272 [ 7A51545A6409A25EEDBDBD97D019E8CC ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
16:32:06.0573 4272 WmVirHid - ok
16:32:06.0604 4272 [ 1F083B3BC73017E60C3CA85CF4A70753 ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
16:32:06.0604 4272 WmXlCore - ok
16:32:06.0635 4272 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
16:32:06.0651 4272 WpdUsb - ok
16:32:06.0682 4272 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:32:06.0698 4272 WS2IFSL - ok
16:32:06.0729 4272 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:32:06.0729 4272 wscsvc - ok
16:32:06.0760 4272 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:32:06.0792 4272 wuauserv - ok
16:32:06.0823 4272 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:32:06.0838 4272 WudfPf - ok
16:32:06.0854 4272 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:32:06.0870 4272 WudfRd - ok
16:32:06.0885 4272 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:32:06.0901 4272 WudfSvc - ok
16:32:06.0948 4272 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:32:06.0948 4272 WZCSVC - ok
16:32:06.0979 4272 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:32:07.0042 4272 xmlprov - ok
16:32:07.0057 4272 ================ Scan global ===============================
16:32:07.0088 4272 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:32:07.0104 4272 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:32:07.0151 4272 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
16:32:07.0166 4272 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:32:07.0166 4272 [Global] - ok
16:32:07.0182 4272 ================ Scan MBR ==================================
16:32:07.0198 4272 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
16:32:07.0354 4272 \Device\Harddisk0\DR0 - ok
16:32:07.0354 4272 ================ Scan VBR ==================================
16:32:07.0354 4272 [ 23FB66AC9808F7118DDB9CE83F1BE91B ] \Device\Harddisk0\DR0\Partition1
16:32:07.0354 4272 \Device\Harddisk0\DR0\Partition1 - ok
16:32:07.0354 4272 ============================================================
16:32:07.0354 4272 Scan finished
16:32:07.0354 4272 ============================================================
16:32:07.0370 5704 Detected object count: 0
16:32:07.0370 5704 Actual detected object count: 0
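The TDSSKiller log above reports every entry as "ok" and a detected object count of 0, so what it actually hands an analyst is an inventory: an MD5 for each registered service or driver image, the image path, and hashes of the MBR and of the first partition's VBR. The Python below is an added example (not part of this thread and not TDSSKiller's own code) that parses lines in that format and sorts them into the buckets worth a second look: images loaded from outside the Windows directory (here the IObit UrlFilter.sys, expected for an installed product but exactly the kind of entry to confirm), entries that got a verdict without any hashed file (SwPrv), anything not marked ok, and the boot-sector hashes for comparison against a known-good value. The sample lines are copied from the log above; the "system" path allowlist is this example's own assumption.

```python
"""Triage of a TDSSKiller-style service/driver inventory log.

Added example; not part of the thread and not TDSSKiller's code. The
tool's verdict is "ok" for every entry, so the useful output is the
inventory: MD5 per image, images outside the Windows directory, entries
listed without a hashed file, and the MBR/VBR sector hashes.
"""
import re

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "16:32:04.0167 4272 "
ENTRY = re.compile(PREFIX + r"\[ ([0-9A-F]{32}) \] (\S+)(?: (.+))?$")  # [ MD5 ] Name Path
VERDICT = re.compile(PREFIX + r"(\S.*?) - (\S.*)$")                    # Name - ok
SECTION = re.compile(PREFIX + r"=+ (Scan \w+) =+")                     # === Scan MBR ===

# Image locations treated as "system" by the triage below. This is an
# assumption of the example, not something TDSSKiller itself evaluates.
SYSTEM_ROOTS = ("c:\\windows\\",)


def parse_tdss(text):
    """Return one dict per entry: section, name, md5, path, verdict."""
    entries = {}
    section = "Scan services"   # the per-service listing precedes any banner
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = {"section": section, "name": name, "md5": md5,
                             "path": path or "", "verdict": None}
            continue
        m = VERDICT.match(line)
        if m:
            name, verdict = m.groups()
            # A verdict with no preceding hash line: the registration exists
            # but the tool hashed no image file for it (SwPrv in the log).
            entries.setdefault(name, {"section": section, "name": name,
                                      "md5": None, "path": "", "verdict": None})
            entries[name]["verdict"] = verdict
    return list(entries.values())


def triage(entries):
    """Sort parsed entries into the buckets an analyst reviews by hand."""
    out = {"non_system": [], "no_file": [], "not_ok": [], "boot_hashes": {}}
    for e in entries:
        if e["section"] in ("Scan MBR", "Scan VBR"):
            out["boot_hashes"][e["name"]] = e["md5"]
        elif e["section"] == "Scan services":
            if e["verdict"] != "ok":
                out["not_ok"].append(e["name"])
            if e["md5"] is None:
                out["no_file"].append(e["name"])
            elif not e["path"].lower().startswith(SYSTEM_ROOTS):
                out["non_system"].append(e["name"])
    return out


def report(text):
    return triage(parse_tdss(text))


# Lines copied from the log above (a representative subset).
SAMPLE = r"""
16:32:04.0167 4272 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:32:04.0167 4272 Spooler - ok
16:32:04.0479 4272 SwPrv - ok
16:32:04.0698 4272 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:32:04.0714 4272 Tcpip - ok
16:32:05.0292 4272 [ B1C51A3CB466C0C4AFA54F0FA199F6B8 ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
16:32:05.0292 4272 UrlFilter - ok
16:32:07.0057 4272 ================ Scan global ===============================
16:32:07.0088 4272 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:32:07.0166 4272 [Global] - ok
16:32:07.0182 4272 ================ Scan MBR ==================================
16:32:07.0198 4272 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
16:32:07.0354 4272 \Device\Harddisk0\DR0 - ok
16:32:07.0354 4272 ================ Scan VBR ==================================
16:32:07.0354 4272 [ 23FB66AC9808F7118DDB9CE83F1BE91B ] \Device\Harddisk0\DR0\Partition1
16:32:07.0354 4272 \Device\Harddisk0\DR0\Partition1 - ok
16:32:07.0370 5704 Detected object count: 0
"""

if __name__ == "__main__":
    for bucket, items in report(SAMPLE).items():
        print(f"{bucket}: {items}")
```

Feed it the whole log rather than the subset and the non_system bucket becomes the list of third-party images to confirm one by one, while the MD5 of each Windows image can be checked against a known-good reference for XP SP3.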
Good, now give ComboFix another try.
Kman1566
2014-01-28, 00:14
Two more failed attempts at ComboFix... About 2 minutes into the scan Windows shuts down... the message was "driver IRQL not less or equal".
Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
Click your START button and choose Run. Then copy/paste the entire line below (including the quotation marks and the /killall switch) into the Run box.
"%userprofile%\desktop\combofix.exe" /killall
Click OK and this will start ComboFix in a special way.
When finished, it will produce a log. Please save that log to a Notepad file to post in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.
Reconnect to the internet
Post the Report
You can find it at C:\ComboFix.txt
Kman1566
2014-01-28, 01:49
Windows shut down a couple more times...
First try running rkill; it won't remove anything, but it may stop the infection that is preventing ComboFix from running.
Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 users must right-click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.
1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message, but leave it OPEN; do not close it.
Run rkill repeatedly until it's able to do its job. This may take a few tries.
You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.
Then try running CF again
Kman1566
2014-01-28, 05:09
I tried version 1 about 10 times and thought I saw the desktop cycle, but during the ComboFix scan another Windows shutdown occurred. I restarted and tried version 2 about 15 times and noticed that at the start C:\windows\ehome\ehRecvr.exe and C:\windows\ehome\mcrdsvc.exe are listed with "2 processes terminated" directly underneath EACH TIME rkill runs. After rkill completes I do get a message window pop up that says "You should now be able to run your normal security programs so you can scan for computer infections", but the desktop is not cycling on/off.
Have you tried running ComboFix again?
If it still won't run, then reboot your system and let's run this program.
You don't need the 64-bit version, so download the other one.
--RogueKiller--
Download & SAVE to your Desktop RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) or 32 BIT (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
Kman1566
2014-01-28, 15:08
Yes, I did try ComboFix in the normal (NOT special) run and Windows shut down a couple more times. RogueKiller ran fine; here is the log...
RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Kevin [Admin rights]
Mode : Scan -- Date : 01/28/2014 08:06:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IAT @explorer.exe (FindNextFileW) : KERNEL32.dll -> HOOKED (Unknown @ 0x01E40C5E)
[Inline] IAT @explorer.exe (ReadProcessMemory) : KERNEL32.dll -> HOOKED (Unknown @ 0x01510682)
[Inline] IAT @explorer.exe (OpenProcess) : KERNEL32.dll -> HOOKED (Unknown @ 0x0151060B)
[Inline] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (Unknown @ 0x01510AB1)
[Inline] IAT @explorer.exe (CreateProcessW) : KERNEL32.dll -> HOOKED (Unknown @ 0x01E405DC)
[Inline] IAT @explorer.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (Unknown @ 0x015101DC)
[Inline] IAT @explorer.exe (ShellExecuteExW) : SHELL32.dll -> HOOKED (Unknown @ 0x01E40BE7)
[Inline] IAT @explorer.exe (LoadImageW) : USER32.dll -> HOOKED (Unknown @ 0x01E40B70)
[Inline] EAT @explorer.exe (LdrGetProcedureAddress) : ntdll.dll -> HOOKED (Unknown @ 0x015102CA)
[Inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (Unknown @ 0x01E40400)
[Inline] EAT @explorer.exe (NtProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x01510341)
[Inline] EAT @explorer.exe (NtSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x01E40477)
[Inline] EAT @explorer.exe (ZwProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x01510341)
[Inline] EAT @explorer.exe (ZwSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x01E40477)
[Inline] EAT @explorer.exe (CreateFileA) : kernel32.dll -> HOOKED (Unknown @ 0x01E40F28)
[Inline] EAT @explorer.exe (CreatePipe) : kernel32.dll -> HOOKED (Unknown @ 0x01510077)
[Inline] EAT @explorer.exe (CreateProcessA) : kernel32.dll -> HOOKED (Unknown @ 0x01510594)
[Inline] EAT @explorer.exe (CreateProcessW) : kernel32.dll -> HOOKED (Unknown @ 0x01E405DC)
[Inline] EAT @explorer.exe (CreateRemoteThread) : kernel32.dll -> HOOKED (Unknown @ 0x015106F9)
[Inline] EAT @explorer.exe (FindNextFileW) : kernel32.dll -> HOOKED (Unknown @ 0x01E40C5E)
[Inline] EAT @explorer.exe (GetPrivateProfileSectionW) : kernel32.dll -> HOOKED (Unknown @ 0x01E4082F)
[Inline] EAT @explorer.exe (GetStartupInfoA) : kernel32.dll -> HOOKED (Unknown @ 0x015100EE)
[Inline] EAT @explorer.exe (HeapCreate) : kernel32.dll -> HOOKED (Unknown @ 0x01510770)
[Inline] EAT @explorer.exe (LoadLibraryA) : kernel32.dll -> HOOKED (Unknown @ 0x01510AB1)
[Inline] EAT @explorer.exe (LoadLibraryW) : kernel32.dll -> HOOKED (Unknown @ 0x015101DC)
[Inline] EAT @explorer.exe (LoadModule) : kernel32.dll -> HOOKED (Unknown @ 0x01510253)
[Inline] EAT @explorer.exe (OpenProcess) : kernel32.dll -> HOOKED (Unknown @ 0x0151060B)
[Inline] EAT @explorer.exe (PeekNamedPipe) : kernel32.dll -> HOOKED (Unknown @ 0x01510000)
[Inline] EAT @explorer.exe (ReadProcessMemory) : kernel32.dll -> HOOKED (Unknown @ 0x01510682)
[Inline] EAT @explorer.exe (VirtualAllocEx) : kernel32.dll -> HOOKED (Unknown @ 0x0151051D)
[Inline] EAT @explorer.exe (VirtualProtect) : kernel32.dll -> HOOKED (Unknown @ 0x0151042F)
[Inline] EAT @explorer.exe (VirtualProtectEx) : kernel32.dll -> HOOKED (Unknown @ 0x015104A6)
[Inline] EAT @explorer.exe (WinExec) : kernel32.dll -> HOOKED (Unknown @ 0x015103B8)
[Inline] EAT @explorer.exe (NdrServerInitialize) : RPCRT4.dll -> HOOKED (Unknown @ 0x01E40CD5)
[Inline] EAT @explorer.exe (NdrStubCall2) : RPCRT4.dll -> HOOKED (Unknown @ 0x01E40D4C)
[Inline] EAT @explorer.exe (CreateDIBPatternBrushPt) : GDI32.dll -> HOOKED (Unknown @ 0x01E40AF9)
[Inline] EAT @explorer.exe (Escape) : GDI32.dll -> HOOKED (Unknown @ 0x01E407B8)
[Inline] EAT @explorer.exe (GetDIBits) : GDI32.dll -> HOOKED (Unknown @ 0x01E40A0B)
[Inline] EAT @explorer.exe (PlayEnhMetaFileRecord) : GDI32.dll -> HOOKED (Unknown @ 0x01E406CA)
[Inline] EAT @explorer.exe (PlayMetaFileRecord) : GDI32.dll -> HOOKED (Unknown @ 0x01E40653)
[Inline] EAT @explorer.exe (StretchDIBits) : GDI32.dll -> HOOKED (Unknown @ 0x01E40A82)
[Inline] EAT @explorer.exe (LoadImageW) : USER32.dll -> HOOKED (Unknown @ 0x01E40B70)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (Unknown @ 0x01E404EE)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (Unknown @ 0x01E40565)
[Inline] EAT @explorer.exe (system) : msvcrt.dll -> HOOKED (Unknown @ 0x015107E7)
[Inline] EAT @explorer.exe (CoGetClassObject) : ole32.dll -> HOOKED (Unknown @ 0x01E40994)
[Inline] EAT @explorer.exe (UrlUnescapeA) : SHLWAPI.dll -> HOOKED (Unknown @ 0x01E408A6)
[Inline] EAT @explorer.exe (InternetOpenA) : WININET.dll -> HOOKED (Unknown @ 0x01E40EB1)
[Inline] EAT @explorer.exe (InternetOpenUrlA) : WININET.dll -> HOOKED (Unknown @ 0x01E40E3A)
[Inline] EAT @explorer.exe (InternetReadFile) : WININET.dll -> HOOKED (Unknown @ 0x01E40DC3)
[Inline] EAT @explorer.exe (ShellExecuteExW) : SHELL32.dll -> HOOKED (Unknown @ 0x01E40BE7)
[Inline] EAT @explorer.exe (bind) : WS2_32.dll -> HOOKED (Unknown @ 0x01510B28)
[Inline] EAT @explorer.exe (gethostbyname) : WS2_32.dll -> HOOKED (Unknown @ 0x01E4091D)
[Inline] EAT @explorer.exe (recv) : WS2_32.dll -> HOOKED (Unknown @ 0x01510A3A)
[Inline] EAT @explorer.exe (select) : WS2_32.dll -> HOOKED (Unknown @ 0x015109C3)
[Inline] EAT @explorer.exe (send) : WS2_32.dll -> HOOKED (Unknown @ 0x0151094C)
[Inline] EAT @explorer.exe (socket) : WS2_32.dll -> HOOKED (Unknown @ 0x015108D5)
[Inline] EAT @explorer.exe (CompatFlagsFromClsid) : urlmon.dll -> HOOKED (Unknown @ 0x01E40741)
[Inline] EAT @explorer.exe (system) : MSVCR90.dll -> HOOKED (Unknown @ 0x01510B9F)
[Inline] EAT @explorer.exe (system) : MSVCR80.dll -> HOOKED (Unknown @ 0x01510C16)
[Inline] IAT @firefox.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (Unknown @ 0x003D0A0B)
[Inline] EAT @firefox.exe (LdrGetProcedureAddress) : ntdll.dll -> HOOKED (Unknown @ 0x003D0B70)
[Inline] EAT @firefox.exe (NtProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x003D0BE7)
[Inline] EAT @firefox.exe (NtSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x003D0477)
[Inline] EAT @firefox.exe (ZwProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x003D0BE7)
[Inline] EAT @firefox.exe (ZwSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x003D0477)
[Inline] EAT @firefox.exe (CreateFileA) : kernel32.dll -> HOOKED (Unknown @ 0x003D082F)
[Inline] EAT @firefox.exe (CreatePipe) : kernel32.dll -> HOOKED (Unknown @ 0x003D091D)
[Inline] EAT @firefox.exe (CreateProcessA) : kernel32.dll -> HOOKED (Unknown @ 0x003D05DC)
[Inline] EAT @firefox.exe (CreateProcessW) : kernel32.dll -> HOOKED (Unknown @ 0x003D0653)
[Inline] EAT @firefox.exe (CreateRemoteThread) : kernel32.dll -> HOOKED (Unknown @ 0x003D0F28)
[Inline] EAT @firefox.exe (GetProcAddress) : kernel32.dll -> HOOKED (Unknown @ 0x003D0A0B)
[Inline] EAT @firefox.exe (GetStartupInfoA) : kernel32.dll -> HOOKED (Unknown @ 0x003D0994)
[Inline] EAT @firefox.exe (HeapCreate) : kernel32.dll -> HOOKED (Unknown @ 0x008B0000)
[Inline] EAT @firefox.exe (LoadLibraryA) : kernel32.dll -> HOOKED (Unknown @ 0x008B0077)
[Inline] EAT @firefox.exe (LoadLibraryW) : kernel32.dll -> HOOKED (Unknown @ 0x003D0A82)
[Inline] EAT @firefox.exe (LoadModule) : kernel32.dll -> HOOKED (Unknown @ 0x003D0AF9)
[Inline] EAT @firefox.exe (OpenProcess) : kernel32.dll -> HOOKED (Unknown @ 0x003D0E3A)
[Inline] EAT @firefox.exe (PeekNamedPipe) : kernel32.dll -> HOOKED (Unknown @ 0x003D08A6)
[Inline] EAT @firefox.exe (ReadProcessMemory) : kernel32.dll -> HOOKED (Unknown @ 0x003D0EB1)
[Inline] EAT @firefox.exe (VirtualAllocEx) : kernel32.dll -> HOOKED (Unknown @ 0x003D0DC3)
[Inline] EAT @firefox.exe (VirtualProtect) : kernel32.dll -> HOOKED (Unknown @ 0x003D0CD5)
[Inline] EAT @firefox.exe (VirtualProtectEx) : kernel32.dll -> HOOKED (Unknown @ 0x003D0D4C)
[Inline] EAT @firefox.exe (WinExec) : kernel32.dll -> HOOKED (Unknown @ 0x003D0C5E)
[Inline] EAT @firefox.exe (SetClipboardData) : USER32.dll -> HOOKED (Unknown @ 0x003D06CA)
[Inline] EAT @firefox.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (Unknown @ 0x003D04EE)
[Inline] EAT @firefox.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (Unknown @ 0x003D0565)
[Inline] EAT @firefox.exe (NdrServerInitialize) : RPCRT4.dll -> HOOKED (Unknown @ 0x003D0741)
[Inline] EAT @firefox.exe (NdrStubCall2) : RPCRT4.dll -> HOOKED (Unknown @ 0x003D07B8)
[Inline] EAT @firefox.exe (bind) : WS2_32.dll -> HOOKED (Unknown @ 0x008B042F)
[Inline] EAT @firefox.exe (gethostbyname) : WS2_32.dll -> HOOKED (Unknown @ 0x008B01DC)
[Inline] EAT @firefox.exe (recv) : WS2_32.dll -> HOOKED (Unknown @ 0x008B03B8)
[Inline] EAT @firefox.exe (select) : WS2_32.dll -> HOOKED (Unknown @ 0x008B0341)
[Inline] EAT @firefox.exe (send) : WS2_32.dll -> HOOKED (Unknown @ 0x008B02CA)
[Inline] EAT @firefox.exe (socket) : WS2_32.dll -> HOOKED (Unknown @ 0x008B0253)
[Inline] EAT @firefox.exe (system) : msvcrt.dll -> HOOKED (Unknown @ 0x008B00EE)
[Inline] EAT @firefox.exe (ShellExecuteExW) : SHELL32.dll -> HOOKED (Unknown @ 0x008B04A6)
[Inline] EAT @firefox.exe (InternetOpenA) : WININET.dll -> HOOKED (Unknown @ 0x008B060B)
[Inline] EAT @firefox.exe (InternetOpenUrlA) : WININET.dll -> HOOKED (Unknown @ 0x008B0594)
[Inline] EAT @firefox.exe (InternetReadFile) : WININET.dll -> HOOKED (Unknown @ 0x008B051D)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 +++++
--- User ---
[MBR] bbc983f42a18ea03e3efc9484103ea40
[BSP] eee412d08b57fde5247af09a76484fcb : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 102 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 210944 | Size: 467321 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 957284352 | Size: 9516 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_01282014_080633.txt >>
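Three parts of the RogueKiller report above deserve a closer reading than the FOUND and HOOKED labels suggest, and the Python below is an added example (not part of the thread and not RogueKiller's code) that applies those readings to lines in the report's format. The [PUM] policy entries carry the value's data in parentheses: DisableTaskMgr and DisableRegistryTools only restrict the user when set to 1, so the three values reported as (0) are present but not enforcing anything, and the {20D04FE0-3AEA-1069-A2D8-08002B30309D} entry under NewStartPanel is the desktop-icon visibility flag for My Computer, a preference rather than a restriction. The long [Inline] list looks like dozens of separate findings, but grouping the hook addresses by 4 KiB page shows they all resolve into two pages per process (0x01E4xxxx and 0x0151xxxx in explorer.exe, 0x003Dxxxx and 0x008Bxxxx in firefox.exe), which is the footprint of a single injected hooking component in each process; the next step is to attribute those pages to the module that owns them, not to treat each hook on its own. The HOSTS entries shown all point advertising and adware domains at 127.0.0.1, which is the blocklist pattern; the hostile patterns to check for are security-vendor or update domains pointed at loopback (which silently blocks AV updates) and any domain pointed at a remote address. The registry, hook and HOSTS sample lines are copied from the report; the update.mcafee.com and www.example.com HOSTS lines are constructed to exercise the hostile branches, and the vendor-domain list is an assumption of this example.

```python
"""Reading a RogueKiller report: policy values, hook clustering, HOSTS.

Added example; not part of the thread and not RogueKiller's code.
"""
import re
from collections import defaultdict

PUM = re.compile(r"^\[HJ \w+\]\[PUM\] (\S+) : (\S+) \((\d+)\) -> FOUND$")
HOOK = re.compile(r"^\[Inline\] (IAT|EAT) @(\S+) \((\w+)\) : (\S+) -> HOOKED "
                  r"\(\S+ @ 0x([0-9A-Fa-f]+)\)$")
HOSTS = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

# These policy values restrict the user only when their data is 1.
RESTRICTIVE_WHEN_ONE = {"DisableTaskMgr", "DisableRegistryTools"}
# Illustrative substrings of vendor/update domains (assumption; extend as needed).
VENDOR_HINTS = ("mcafee", "malwarebytes", "microsoft", "windowsupdate",
                "safer-networking", "symantec", "kaspersky")


def policy_findings(lines):
    """[PUM] registry lines -> name, data, and whether the policy bites."""
    out = []
    for line in lines:
        m = PUM.match(line.strip())
        if not m:
            continue
        key, name, data = m.groups()
        if name in RESTRICTIVE_WHEN_ONE:
            status = "enforced" if data == "1" else "present but inactive"
        else:
            status = "review"   # e.g. a HideDesktopIcons CLSID flag: a preference
        out.append({"key": key, "name": name, "data": int(data), "status": status})
    return out


def hook_regions(lines, page=0x1000):
    """[Inline] hook lines -> {process: {page base: sorted hooked exports}}.

    Hooks whose targets all land in one or two pages per process are the
    footprint of one injected component; attribute the pages, not each hook.
    """
    regions = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = HOOK.match(line.strip())
        if not m:
            continue
        _kind, proc, func, module, addr = m.groups()
        regions[proc][int(addr, 16) & ~(page - 1)].add(f"{module.lower()}!{func}")
    return {p: {b: sorted(f) for b, f in r.items()} for p, r in regions.items()}


def hosts_findings(lines):
    """HOSTS lines -> loopback blocklist entries vs. the two hostile patterns."""
    out = {"loopback_sinkhole": [], "vendor_blocked": [], "remote_redirect": []}
    for line in lines:
        m = HOSTS.match(line.strip())
        if not m or m.group(2) == "localhost":
            continue
        ip, host = m.groups()
        if any(v in host.lower() for v in VENDOR_HINTS):
            out["vendor_blocked"].append((ip, host))    # blocks AV/OS updates
        elif ip.startswith("127.") or ip == "0.0.0.0":
            out["loopback_sinkhole"].append(host)       # blocklist-style entry
        else:
            out["remote_redirect"].append((ip, host))   # pharming-style entry
    return out


# Lines copied from the report above, plus two constructed HOSTS lines
# (update.mcafee.com and www.example.com) that are NOT in the report.
REPORT = r"""
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[Inline] IAT @explorer.exe (FindNextFileW) : KERNEL32.dll -> HOOKED (Unknown @ 0x01E40C5E)
[Inline] IAT @explorer.exe (ReadProcessMemory) : KERNEL32.dll -> HOOKED (Unknown @ 0x01510682)
[Inline] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (Unknown @ 0x01510AB1)
[Inline] EAT @explorer.exe (LoadLibraryA) : kernel32.dll -> HOOKED (Unknown @ 0x01510AB1)
[Inline] EAT @explorer.exe (CreateProcessW) : kernel32.dll -> HOOKED (Unknown @ 0x01E405DC)
[Inline] EAT @explorer.exe (send) : WS2_32.dll -> HOOKED (Unknown @ 0x0151094C)
[Inline] IAT @firefox.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (Unknown @ 0x003D0A0B)
[Inline] EAT @firefox.exe (HeapCreate) : kernel32.dll -> HOOKED (Unknown @ 0x008B0000)
[Inline] EAT @firefox.exe (socket) : WS2_32.dll -> HOOKED (Unknown @ 0x008B0253)
[Inline] EAT @firefox.exe (InternetReadFile) : WININET.dll -> HOOKED (Unknown @ 0x008B051D)
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 update.mcafee.com
203.0.113.5 www.example.com
"""

if __name__ == "__main__":
    lines = REPORT.splitlines()
    for p in policy_findings(lines):
        print(f"{p['name']} = {p['data']}: {p['status']}")
    for proc, regs in hook_regions(lines).items():
        print(proc, {hex(b): len(f) for b, f in regs.items()})
    print(hosts_findings(lines))
```

Run against the full report, hook_regions still yields exactly two pages for each process; which module maps those pages (a loaded DLL, or an unbacked allocation) is what decides whether the hooks belong to an installed security product or to an injected payload, and that is answered with a process-memory view, not from this report alone.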
Let's do this.
Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.
Download Malwarebytes Anti-Rootkit from Here (http://downloads.malwarebytes.org/file/mbar)
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.
Kman1566
2014-01-28, 19:10
I was able to create a restore point. Here is the MBAR log... the system log is in the next reply.
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.01.28.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.2180
:: TOYBOX [administrator]
1/28/2014 11:02:07 AM
mbar-log-2014-01-28 (11-02-07).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272421
Time elapsed: 1 hour(s), 3 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
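The mbar-log above found nothing, which makes the system-log posted next the more informative of the two: its Disk Stack block lists the device objects layered on PhysicalDrive0, top-down, as snapman, PartMgr, Disk, vidsflt53, iastor. A bootkit or disk-level rootkit that hides its sectors has to sit on that stack, so the check is to account for every layer that is not the disk class driver, the partition manager or the port driver. The Python below is an added example (not part of the thread and not Malwarebytes Anti-Rootkit's code) that parses a Disk Stack block in that format and reports each remaining filter with its position relative to the class driver and an attribution. Both extra filters on this machine are named in the example's own attribution table as Acronis True Image components; that table and the port-driver list are assumptions for illustration and still have to be confirmed against what is actually installed. The first stack is copied from the system-log that follows; the second, with a driver called "hypothetical" on a USB disk, is constructed to show the unattributed case.

```python
"""Check the disk device stack in an MBAR system-log.

Added example; not part of the thread and not MBAR's code. The stack is
read top-down: upper filters, the Disk class driver, lower filters, then
the port driver. Any layer that is not the class driver, PartMgr or a
port driver is a filter that must be attributed to an installed product.
"""
import re

STACK_LINE = re.compile(r"^DevicePointer: (0x[0-9a-f]+), DeviceName: (\S+), "
                        r"DriverName: \\Driver\\([^\\]+)\\$")
DRIVE_LINE = re.compile(r"^Drive: (\d+), ")

CORE = {"Disk", "PartMgr"}
PORT_DRIVERS = {"iastor", "atapi", "USBSTOR", "nvata", "viaide"}   # assumption
KNOWN_FILTERS = {                                                   # assumption
    "snapman": "Acronis True Image snapshot manager",
    "vidsflt53": "Acronis True Image virtual disk filter",
}


def parse_disk_stacks(text):
    """Return [{drive, layers: [{object, device, driver}, ...]}, ...] top-down."""
    stacks, current, drive = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_LINE.match(line)
        if m:
            drive = int(m.group(1))
        elif line.startswith("--------- Disk Stack"):
            current = {"drive": drive, "layers": []}
        elif current is not None and line.startswith("------------ End"):
            stacks.append(current)
            current = None
        elif current is not None:
            m = STACK_LINE.match(line)
            if m:
                current["layers"].append(
                    {"object": m.group(1), "device": m.group(2), "driver": m.group(3)})
    return stacks


def classify_stack(stack):
    """Name the port driver and list every filter with its position and owner."""
    drivers = [layer["driver"] for layer in stack["layers"]]
    disk_at = drivers.index("Disk") if "Disk" in drivers else None
    result = {"drive": stack["drive"], "has_class_driver": disk_at is not None,
              "port": None, "unexpected": []}
    for i, name in enumerate(drivers):
        if name in CORE:
            continue
        if name in PORT_DRIVERS:
            result["port"] = name
            continue
        # Above the class driver = upper filter (sees partition I/O first);
        # below it = lower filter (sits between Disk and the hardware).
        position = "upper filter" if disk_at is not None and i < disk_at else "lower filter"
        result["unexpected"].append({
            "driver": name, "position": position,
            "attribution": KNOWN_FILTERS.get(name, "UNKNOWN - investigate")})
    return result


# First stack copied from the system-log; second stack constructed
# (the log shows Harddisk1 only as an Upper/Lower device pair).
SYSTEM_LOG = r"""
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a62dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a62e900, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a68e908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a62dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a62ea10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a111030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Drive: 1, DevicePointer: 0xffffffff896cdab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff896cdab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff896d3000, DeviceName: Unknown, DriverName: \Driver\hypothetical\
DevicePointer: 0xffffffff896d38e8, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
"""

if __name__ == "__main__":
    for stack in parse_disk_stacks(SYSTEM_LOG):
        print(classify_stack(stack))
```

A filter that the attribution table cannot name, or a port driver that is not the last layer, is the result that sends the analyst to the driver file itself (path, signature, hash) before anything is cleaned.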
Kman1566
2014-01-28, 19:11
system log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 6.0.2900.2180
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1156231168
Downloaded database version: v2014.01.28.05
Downloaded database version: v2013.12.18.01
=======================================
------------ Kernel report ------------
01/28/2014 09:20:08
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iastor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
DRVMCDB.SYS
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSF_DP.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\Pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ELmou.sys
\SystemRoot\System32\DRIVERS\ELmon.sys
\SystemRoot\System32\DRIVERS\ELkbd.sys
\SystemRoot\System32\DRIVERS\ELhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\LHidUsb.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iastor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\Aspi32.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\drivers\HipShieldK.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff896cdab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff896d38e8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a62dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a111030
Lower Device Driver Name: \Driver\iastor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a62dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a62e900, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a68e908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a62dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a62ea10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a111030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C08F172
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 208896
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 210944 Numsec = 957073408
Partition file system is NTFS
Partition is bootable
Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 957284352 Numsec = 19488768
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff896cdab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89712f10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff896d2870, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff896cdab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8977df10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff896d38e8, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Infected: C:\Documents and Settings\Kevin\Desktop\uSeRiNiT.exe --> [Heuristics.Reserved.Word.Exploit]
Infected: C:\Documents and Settings\Kevin\Desktop\WiNlOgOn.exe --> [Heuristics.Reserved.Word.Exploit]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-210944-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 6.0.2900.2180
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1203961856
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 6.0.2900.2180
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1241186304
Downloaded database version: v2014.01.28.06
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/28/2014 10:24:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iastor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
DRVMCDB.SYS
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSF_DP.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\Pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ELmou.sys
\SystemRoot\System32\DRIVERS\ELmon.sys
\SystemRoot\System32\DRIVERS\ELkbd.sys
\SystemRoot\System32\DRIVERS\ELhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\LHidUsb.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iastor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Aspi32.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\drivers\HipShieldK.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff89896030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8990a030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a82bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a883030
Lower Device Driver Name: \Driver\iastor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a82bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a80f900, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7fc908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a82bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a80fa10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a883030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C08F172
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 208896
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 210944 Numsec = 957073408
Partition file system is NTFS
Partition is bootable
Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 957284352 Numsec = 19488768
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff898c5440, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8986c220, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a85c418, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8990a030, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 6.0.2900.2180
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1322848256
Initializing...
======================
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff89896030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8990a030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a82bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a883030
Lower Device Driver Name: \Driver\iastor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C08F172
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 208896
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 210944 Numsec = 957073408
Partition file system is NTFS
Partition is bootable
Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 957284352 Numsec = 19488768
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff898c5440, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8986c220, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a85c418, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8990a030, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-210944-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
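For anyone reading the "Scanning MBR on drive 0" section of the Malwarebytes Anti-Rootkit log above (partition 0 of type 0xde at LBA 2048, the active NTFS partition at LBA 210944, a 0xdb partition after it, a 500107862016-byte disk), here is an added Python example that parses a 512-byte MBR the same way and runs the checks a rootkit scan cares about: the 55AA boot signature, exactly one active partition, no overlaps or partitions running past the disk, and which sector ranges are unpartitioned (that is where a bootkit can stash code, which is why the tool scans those sectors). This is not Malwarebytes' code. The sample MBR is constructed from the values printed in the log, the type names for 0x07 and 0x00 are an assumed mapping, and the boot-code hash is there so a copy of the MBR saved before a cleanup can be compared afterwards. The VBR-0-1-210944 entry in the removal queue lines up with partition 1's start LBA in the table.

```python
"""Parse and sanity-check one 512-byte MBR sector.

Added example for this thread, not Malwarebytes Anti-Rootkit code. The sample
MBR is constructed from the partition values in the log above.
"""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE      # four 16-byte partition entries
DISK_SIG_OFFSET = 0x1B8        # 4-byte NT disk signature
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count

# Names for the type codes seen in the log; anything else prints as "Other",
# mirroring the tool's output. Assumed mapping for illustration.
TYPE_NAMES = {0x00: "Empty", 0x07: "Primary"}


def build_mbr(entries, disk_signature, boot_code=b""):
    """Build a 512-byte MBR from (status, type, lba_start, numsec) tuples.
    Only used to construct the sample; real code reads sector 0 of the disk."""
    mbr = bytearray(SECTOR_SIZE)
    code = boot_code[:440]
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, disk_signature)
    for i, (status, ptype, lba, numsec) in enumerate(entries):
        # CHS fields are zeroed; modern tools go by the LBA fields.
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, numsec)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the partition table plus the raw facts the layout checks need."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, numsec = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        parts.append({
            "index": i,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),  # any other byte is corrupt
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "Other"),
            "lba_start": lba,
            "numsec": numsec,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "disk_signature": "%X" % struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": parts,
        # Hash of the boot code only (signature and table excluded), for
        # comparing a saved MBR against the live one after a cleanup.
        "boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
    }


def check_layout(parsed, disk_size_bytes):
    """Flag layout problems and list unpartitioned sector ranges.

    Sector 0 is the MBR itself, so a gap starting at sector 1 is normal; the
    gaps are the sectors a rootkit scan reads looking for hidden code."""
    total = disk_size_bytes // SECTOR_SIZE
    problems = []
    if not parsed["signature_ok"]:
        problems.append("missing 55AA boot signature")
    used = [p for p in parsed["partitions"] if p["numsec"]]
    if sum(p["active"] for p in used) != 1:
        problems.append("expected exactly one active partition")
    for p in parsed["partitions"]:
        if not p["status_valid"]:
            problems.append("partition %d has a bogus status byte" % p["index"])
    used.sort(key=lambda p: p["lba_start"])
    gaps, cursor = [], 1
    for p in used:
        end = p["lba_start"] + p["numsec"]
        if p["lba_start"] < cursor:
            problems.append("partition %d overlaps its predecessor" % p["index"])
        elif p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - 1))
        if end > total:
            problems.append("partition %d runs past the end of the disk" % p["index"])
        cursor = max(cursor, end)
    if cursor < total:
        gaps.append((cursor, total - 1))
    return {"problems": problems, "unpartitioned": gaps, "total_sectors": total}


# Sample constructed from the log above (not a real disk image).
SAMPLE_ENTRIES = [
    (0x00, 0xDE, 2048, 208896),
    (0x80, 0x07, 210944, 957073408),
    (0x00, 0xDB, 957284352, 19488768),
    (0x00, 0x00, 0, 0),
]
SAMPLE_DISK_SIZE = 500107862016
SAMPLE_MBR = build_mbr(SAMPLE_ENTRIES, disk_signature=0x0C08F172)


def report(mbr=SAMPLE_MBR, disk_size=SAMPLE_DISK_SIZE):
    parsed = parse_mbr(mbr)
    return parsed, check_layout(parsed, disk_size)


if __name__ == "__main__":
    parsed, layout = report()
    print("MBR Signature:", "55AA" if parsed["signature_ok"] else "BAD",
          " Disk Signature:", parsed["disk_signature"])
    for p in parsed["partitions"]:
        print("Partition %d type %s (0x%02x) %s, LBA %d, Numsec %d" % (
            p["index"], p["type_name"], p["type"],
            "ACTIVE" if p["active"] else "not active", p["lba_start"], p["numsec"]))
    print("Unpartitioned:", layout["unpartitioned"], " Problems:", layout["problems"])
```

The two gaps it reports are sectors 1 through 2047 before the first partition and the 48 sectors after the last one; the first matches the 1-2047 range the tool printed. On a live system the 512 bytes come from reading sector 0 of \\.\PhysicalDrive0 with administrator rights.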
It looks like it found a couple of infected files and removed them.
How is your system behaving now?
Drag ComboFix to the trash and let's grab an updated copy and give it one more try; make sure to download it to your desktop.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
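On the two files the scan flagged as Heuristics.Reserved.Word.Exploit, uSeRiNiT.exe and WiNlOgOn.exe on the Desktop: userinit.exe and winlogon.exe are core logon binaries that belong in C:\WINDOWS\system32, so files carrying those names anywhere else are worth flagging on sight, whatever their casing, since Windows paths are case-insensitive. The Python below is an added example of that check run over constructed sample paths; it is not the Malwarebytes heuristic, and the protected-name list and trusted directories are assumptions for illustration.

```python
"""Flag executables that borrow the name of a core Windows binary but live
outside its expected directory. Added example for this thread, not
Malwarebytes' own heuristic; the name list and sample paths are constructed."""
import ntpath

# Directories where a protected name is legitimate on an XP system.
# Assumed list for illustration; a real allow-list comes from the OS inventory.
DEFAULT_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\dllcache",        # Windows File Protection cache
    r"c:\windows\servicepackfiles\i386",    # service-pack originals
}
PROTECTED = {name: DEFAULT_DIRS for name in (
    "userinit.exe", "winlogon.exe", "csrss.exe", "lsass.exe",
    "services.exe", "smss.exe", "svchost.exe", "spoolsv.exe")}
PROTECTED["explorer.exe"] = {r"c:\windows"}   # the shell lives one level up


def classify(path):
    """Return (verdict, reason) for one absolute Windows path.

    Everything is lower-cased before matching, so mixed-case names such as
    uSeRiNiT.exe still hit the userinit.exe rule."""
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    allowed = PROTECTED.get(name)
    if allowed is None:
        return "ok", "not a protected name"
    if directory in allowed:
        return "ok", "protected name in its expected directory"
    return "suspicious", "%s outside %s" % (name, ", ".join(sorted(allowed)))


def scan(paths):
    """Classify every path; returns (path, verdict, reason) tuples."""
    return [(p,) + classify(p) for p in paths]


# Constructed sample: the two flagged Desktop files from the log plus
# legitimate copies for comparison.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\Kevin\Desktop\uSeRiNiT.exe",
    r"C:\Documents and Settings\Kevin\Desktop\WiNlOgOn.exe",
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for path, verdict, reason in scan(SAMPLE_PATHS):
        print("%-10s %s  (%s)" % (verdict, path, reason))
```

The check is deliberately path-based rather than signature-based: a dropper can pick any bytes, but it cannot put a file named winlogon.exe on the Desktop without it looking wrong. Feed it the paths from an OTL or directory listing and review the "suspicious" rows by hand.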
Kman1566
2014-01-28, 20:20
My computer is not unusually slow or experiencing weird behavior except for McAfee... I followed the link you provided but they do not match my options. I clicked on the help link on McAfee Security Center and read how to turn off the realtime scanning but the box to check is not there on mine??? Not sure how I should proceed... Also the text in the settings page is cut off and there is no scroll bar or any way I can see to change the window size.
OK, you should be able to just right click on the McAfee icon in the system tray, down on the right by the clock, and disable it. If not, then just give ComboFix a shot as is, and if it doesn't work then run a new scan with OTL and post the log please.
Kman1566
2014-01-28, 21:47
I moved the earlier ComboFix to the recycle bin and downloaded the new one. When I tried to open it I received a message that it was not a valid system 32 app, so I moved that to the recycle bin and tried the next link; it downloaded OK but when I tried to open it the icon disappeared and no other window opened. I ran OTL with no issue; however, only the first log opened and I am not able to locate the folder on the C drive. I did find a folder titled "Secure Speed Dial" that I thought we had gotten rid of. While I was downloading ComboFix, McAfee attempted to update but never got past 0% download complete. My home page also is still changing to Yahoo search, not the Yahoo Home that it should be. Here is the log from OTL...
OTL logfile created on: 1/28/2014 2:07:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.18% Memory free
4.85 Gb Paging File | 3.94 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 358.56 Gb Free Space | 78.57% Space Free | Partition Type: NTFS
Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\VirusScan\McVsShld.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SiteAdvisor\6261\SiteAdv.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\SiteAdvisor\6261\saHook.dll ()
MOD - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()
========== Services (SafeList) ==========
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B1650a312-02bc-40ee-977e-83f158701739%7D:26.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]
[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2014/01/27 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions
[2010/04/27 15:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/10 18:26:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\moveplayer@movenetworks.com
[2014/01/25 06:06:16 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net
[2007/04/12 19:51:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\searchplugins\siteadvisor.xml
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0B41PS0E.DEFAULT\EXTENSIONS\ADSREMOVAL@ADSREMOVAL.NET
[2008/06/23 17:52:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\SITEADVISOR\6261\FF
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2014/01/21 01:01:45 | 000,451,153 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 15488 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 20:32:54 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 13:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/28 13:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/28 11:01:52 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/28 10:20:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/28 10:18:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/28 10:18:10 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/28 10:17:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/28 10:17:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/28 10:17:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/28 10:17:24 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 08:01:50 | 003,794,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 20:32:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:23:39 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/21 01:01:45 | 000,451,153 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/28 08:01:49 | 003,794,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 15:23:42 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 13:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Not looking at too much bad, Combofix is running as a service, let's stop it and clean out some temp files
The script has to start with :OTL and end with [reboot] or the fix won't work, so make sure you get it all
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
[2014/01/25 06:06:16 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- not Run Scan
Let the program run unhindered, and reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
Kman1566
2014-01-28, 22:25
I have to step away from the computer for a bit, just a heads up; thanks again for your help. I will perform the task and post soon.
Kman1566
2014-01-28, 23:57
Ran the fix with no issues; here is the log... I will now run the scan and post the results in my next reply.
All processes killed
========== OTL ==========
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\zh-TW folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\zh-CN folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\vi folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\uk folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\tr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\th folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\te folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ta folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sw folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sv folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sl folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sk folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ru folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ro folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\pt_PT folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\pt_BR folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\pl folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\no folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\nl folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ms folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\mr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\lv folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\lt folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ko folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\kn folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ja folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\it folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\id folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\hu folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\hr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\hi folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\he folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\gu folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fil folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fi folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fa folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\et folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\es - 419 folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\es folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\en-US folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\en-GB folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\en folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\el folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\de folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\da folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\cs folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ca folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\bn folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\bg folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ar folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\images\bg folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\images folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\defaults\preferences folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\defaults folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kevin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: Kevin
->Java cache emptied: 0 bytes
User: Kim
->Java cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Kevin
->Temp folder emptied: 37724024 bytes
->Temporary Internet Files folder emptied: 1284755 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3066032 bytes
->Flash cache emptied: 1802 bytes
User: Kim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 797107 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 8434 bytes
User: NetworkService
->Temp folder emptied: 51832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 727242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 221325102 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 790326 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 254.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01282014_164905
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Kman1566
2014-01-29, 00:12
Scan complete, here is the new log
OTL logfile created on: 1/28/2014 4:59:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.36% Memory free
4.85 Gb Paging File | 4.29 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 359.11 Gb Free Space | 78.69% Space Free | Partition Type: NTFS
Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()
========== Services (SafeList) ==========
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B1650a312-02bc-40ee-977e-83f158701739%7D:26.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]
[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2014/01/28 16:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions
[2010/04/27 15:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/10 18:26:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\moveplayer@movenetworks.com
[2007/04/12 19:51:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\searchplugins\siteadvisor.xml
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0B41PS0E.DEFAULT\EXTENSIONS\ADSREMOVAL@ADSREMOVAL.NET
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0B41PS0E.DEFAULT\EXTENSIONS\SPEEDDIAL@INSTAIR.NET
[2008/06/23 17:52:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\SITEADVISOR\6261\FF
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2014/01/28 16:49:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/28 16:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 20:32:54 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/28 16:53:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/28 16:51:17 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/28 16:50:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/28 16:50:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/28 16:50:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/28 16:50:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/28 16:50:07 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 16:49:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/28 16:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/28 11:01:52 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/28 08:01:50 | 003,794,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 20:32:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:23:39 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/28 08:01:49 | 003,794,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 15:23:42 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Still looking at Speed Dial
Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state
Then run a new scan with OTL and post the log
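Reading an OTL log by hand means scanning for the same handful of things every time: load points with no company name, services and drivers that run from a user profile or temp folder, orphaned entries ("File not found"), start and search pages that point somewhere the owner did not choose, proxy settings, AutoRun commands on mounted volumes, and alternate data streams. The script below is an added example, not part of this thread and not OTL's or the helper's code; it applies those checks to lines in OTL's output format. The sample lines are constructed, modelled on entries posted in this thread; the EXPECTED_HOSTS allowlist, the severity labels and the assumed value names for ProxyServer/AutoConfigURL are illustration choices, and a hit is a prompt to look at the file (hash it, check its signer and vendor), not a verdict that it is malicious.

```python
"""Triage of OTL (OldTimer) log lines: flag what a responder reads first.

Added example; not part of the thread and not OTL's own code. It parses the
line formats OTL prints (PRC/SRV/DRV/MOD load points, IE registry values,
O33 MountPoints2 entries, Alternate Data Streams). EXPECTED_HOSTS and the
severity choices are assumptions for illustration, not verdicts about a file.
"""
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "severity category subject detail")

# "KIND - (name) -- path (company)"; PRC/MOD lines carry no name, and orphaned
# entries end in "File not found" with no company.
LOADPOINT = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - (?:\((?P<name>[^)]*)\) -- )?"
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)
IE_START = re.compile(
    r"^IE - .+,(?:Start Page|Default_Page_URL|Default_Search_URL|"
    r"SearchMigratedDefaultURL) = (?P<url>\S+)$"
)
IE_SCOPE = re.compile(r'^IE - .+\\SearchScopes\\\{[^}]+\}: "URL" = (?P<url>\S+)$')
# Assumption: ProxyServer / AutoConfigURL are printed in the same
# 'Internet Settings: "name" = value' form OTL uses for ProxyEnable.
IE_PROXY = re.compile(
    r'^IE - .+Internet Settings: "(?P<setting>ProxyEnable|ProxyServer|AutoConfigURL)" = (?P<val>.+)$'
)
AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Locations any user on a default XP install can write to; a service or driver
# loading from here deserves a look even when the vendor name is known.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\temp\\", "\\recycler\\")
# Hosts the owner expects as start/search pages (assumption for this example).
EXPECTED_HOSTS = {"www.dell.com", "www.google.com"}


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_line(line):
    """Return the findings for one OTL line (empty list if nothing stands out)."""
    out = []
    m = LOADPOINT.match(line)
    if m:
        kind, name, path, company = m.group("kind", "name", "path", "company")
        subject = f"{kind} {name or path}"
        if "File not found" in path:
            return [Finding("info", "orphan", subject, "entry points at a file that no longer exists")]
        if company == "":  # "()" in OTL output: no company name in the version info
            out.append(Finding("warn" if kind in ("SRV", "DRV") else "info", "no_company", subject, path))
        if kind in ("PRC", "SRV", "DRV") and is_user_writable(path):
            out.append(Finding("warn", "user_writable_path", subject, path))
        return out
    m = IE_START.match(line) or IE_SCOPE.match(line)
    if m:
        url = m.group("url")
        host = urlsplit(url).hostname  # None for about:blank and similar non-network pages
        if host and host not in EXPECTED_HOSTS:
            out.append(Finding("warn", "unexpected_host", "IE start/search page", f"{host} <- {url}"))
        return out
    m = IE_PROXY.match(line)
    if m:
        setting, val = m.group("setting", "val")
        if setting != "ProxyEnable" or val.strip() != "0":
            out.append(Finding("warn", "proxy", "IE proxy", f"{setting} = {val}"))
        return out
    m = AUTORUN_CMD.match(line)
    if m:
        return [Finding("warn", "autorun", f"volume {m.group('vol')}", f"AutoRun command: {m.group('cmd')}")]
    m = ADS.match(line)
    if m:
        return [Finding("warn", "ads", m.group("path"), f"{m.group('size')}-byte alternate data stream")]
    return out


def triage(text):
    """Run triage_line over every non-blank line of an OTL log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


# Constructed sample in OTL's format, modelled on entries posted in this thread.
SAMPLE_LOG = r"""
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.category:<18} {f.subject}: {f.detail}")
```

Run it against a saved OTL.Txt by passing the file contents to triage(). The checks are deliberately cheap pattern matches: a service with no company name in Program Files (like the Secure Speed Dial updater) and a service running out of a Downloads folder both get flagged, while a McAfee driver in system32 or an AutoRun command for a drive-unlock utility only surface for a human to decide on.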
Kman1566
2014-01-29, 00:48
Here are the results
OTL logfile created on: 1/28/2014 5:41:40 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.15% Memory free
4.85 Gb Paging File | 4.14 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 359.08 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()
========== Services (SafeList) ==========
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]
[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2014/01/28 16:49:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/28 17:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Old Firefox Data
[2014/01/28 16:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 20:32:54 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/28 17:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/28 16:53:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/28 16:51:17 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/28 16:50:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/28 16:50:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/28 16:50:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/28 16:50:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/28 16:50:07 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 16:49:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/28 11:01:52 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/28 08:01:50 | 003,794,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 20:32:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:23:39 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/28 08:01:49 | 003,794,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 15:23:42 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
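A helper reads an OTL log like the one above for the same few things each time: service and driver entries whose file is missing, entries running from a binary with no company name, recently created files under the Windows directory with no company name, and alternate data streams from the Purity check. The script below is an added example, not part of this thread or of the OTL tool; it parses those three line shapes and groups such entries, using sample lines copied from the log above and an assumed cut-off date of 2014/01/01.

```python
"""OTL log triage (added example; not part of this thread or of the OTL tool).

Parses the three line shapes in the log above and groups the entries a helper
reads first. Sample lines below are copied from that log.
"""
import re
from collections import defaultdict
from datetime import datetime

# "[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Company) -- C:\path"; directory
# entries carry no "(Company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "SRV - (name) -- C:\path\file.exe (Company)"  or  "DRV - (name) -- [path ]File not found"
SVC_RE = re.compile(r"^(?P<type>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<rest>.*)$")
SVC_PATH_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^)]*)\)$")
# "@Alternate Data Stream - 120 bytes -> C:\path\TEMP:F9819010"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

WINDIR = "c:\\windows\\"
MISSING = "File not found"


def parse_line(line):
    """Return ("file" | "service" | "ads", fields) for a log entry, or None for other text."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        d = m.groupdict()
        d["company"] = d["company"] or ""
        d["created"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
        return "file", d
    m = ADS_RE.match(line)
    if m:
        return "ads", m.groupdict()
    m = SVC_RE.match(line)
    if m:
        d = m.groupdict()
        rest = d.pop("rest")
        d["missing"] = rest.endswith(MISSING)
        if d["missing"]:
            d["path"], d["company"] = rest[: -len(MISSING)].strip(), ""
        else:
            pm = SVC_PATH_RE.match(rest)
            d["path"] = pm.group("path") if pm else rest
            d["company"] = pm.group("company") if pm else ""
        return "service", d
    return None


def triage(lines, since=None):
    """Group noteworthy entries; `since` ("YYYY/MM/DD", assumed) drops older file
    entries, because OTL's "Files Created - No Company Name" section lists any age."""
    cutoff = datetime.strptime(since, "%Y/%m/%d") if since else None
    findings = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # section headers, PRC/MOD lines, "*.tmp files" summaries
        kind, d = parsed
        if kind == "ads":
            # Purity/ADS check: a stream attached to a folder is rarely legitimate.
            findings["alternate_data_streams"].append(d["target"])
        elif kind == "service":
            if d["missing"]:
                findings["missing_binary"].append(d["name"])  # orphaned registration
            elif d["company"] == "":
                findings["no_company_services"].append(d["path"])
        else:
            is_dir = "D" in d["attrs"]
            in_windir = d["path"].lower().startswith(WINDIR)
            recent = cutoff is None or d["created"] >= cutoff
            if d["kind"] == "C" and not is_dir and in_windir and recent and d["company"] == "":
                findings["new_windir_no_company"].append(d["path"])
    return dict(findings)


# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE = r"""
[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (WDICA) -- File not found
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for category, items in triage(SAMPLE, since="2014/01/01").items():
        print(category)
        for item in items:
            print("    " + item)
```

Entries it groups are starting points for a reader of the log, not verdicts; a missing binary is usually just a leftover registration, as with the catchme driver that ComboFix left behind here.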
Looks better, how is your system behaving now?
Kman1566
2014-01-29, 03:20
Better - the Firefox home page seems to stay as I set it. McAfee still does not seem to be downloading updates though: 0% complete after several minutes, and it does not look right, as text is cut off on the right side of the window.
Why don't you try uninstalling McAfee and then reinstalling it? Make sure you have the installation disk or a link to download it from their site, and also make sure that you have the serial number so that you can reactivate it when you're done.
Another option would be to post in their forum for help; like this forum it's free, but you will have to register.
https://community.mcafee.com/threads
Let me know how it went, and if no luck I have other forums that you can post at to get this fixed.
Ken :)
Kman1566
2014-01-29, 03:39
I do have McAfee Virtual Technician that I thought I would try, but I did not want to run any type of tool or fixer while you were still working on my computer. Last year sometime my hard drive was failing mechanically, so I backed up my drive to an external. I was afraid to connect it until my computer was clean. Could I replace the current files from there, or should I go to the forums?
Is the drive we just cleaned the one that was failing? When you say backed up, do you mean the entire drive and operating system or just some files and pictures?
Kman1566
2014-01-29, 06:07
Sorry for not being more clear. My computer's internal hard drive was sounding like a blender full of ice when I tried to turn my computer on. I don't recall the exact message, but it could not see the drive. I was able, after about 10 attempts, to get it to turn on and boot up. I copied the entire internal drive to the external, installed a brand new internal drive, and then "cloned" (?) it to be as the original. This was quite a while ago; I am not sure when, but I think it was late 2012 or early 2013. Everything seemed to be fine, it worked well, and I have only used the external as a backup once or twice since then, so it should be clean. I almost forgot I had it.... sorry I did not mention it earlier.
Kman1566
2014-01-29, 06:26
I am so sorry, I did not even think about the backup until you mentioned the McAfee disk. I was trying to think where the disk could be, as I moved to a new home a few months ago and still have a lot of stuff in boxes, and then it dawned on me that I have a backup. Yes, it has everything on it. I am so sorry I did not think of this 2 days ago.
Good Morning,
What you can do is hook up your external drive, then go to My Computer, right click on the drive and have McAfee run a scan of the drive.
Then, with the drive still hooked up, you can also run a Full Scan with Malwarebytes and make sure the drive is checked.
If nothing is found then you should be OK.
Kman1566
2014-01-30, 16:35
Greetings,
I scanned with McAfee and Malwarebytes; both found NO issues.
Combofix running as a system? I do see it in My Computer C:\. It seems to "duplicate" the C drive. Should I do anything with this?
Gratefully,
Kman1566
Lets do this
Click START then RUN
Now type ComboFix /uninstall in the run box and click OK. Note the space between the x and the /; it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
When shown the disclaimer, Select "2"
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.
Then let me know how your system is behaving now.
Kman1566
2014-01-30, 17:16
I get a message that states: Windows cannot find ComboFix.
Kman1566
2014-01-30, 17:25
When I open "My Computer" I do see the folder ComboFix... should I use the "Browse" button on the Run window to locate it myself?
That folder just contains the logs; you can delete it.
Go into Task Manager by pressing Ctrl+Alt+Del on your keyboard, and if any of these are running, End Process on them:
sed
grep
cfexe
Go ahead and run a new scan with OTL and post the log.
Kman1566
2014-01-30, 18:27
Did not see:
sed
grep
cfexe
Here is the scan log:
OTL logfile created on: 1/30/2014 10:46:47 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.17% Memory free
4.85 Gb Paging File | 3.73 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 358.94 Gb Free Space | 78.65% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 931.48 Gb Total Space | 878.43 Gb Free Space | 94.30% Space Free | Partition Type: NTFS
Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3cfe541801464f814cda12ab6e689ce9\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e42add37a8042c021319c3dfa982e208\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\2d837a3e24db0f672c71f3ecda4ca5f3\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\75145e5d0633bc01a8ad6094c842f748\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bae93d40999e6497d4efb81429d15943\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\065efe0fe58c464f5fb108cb0791e6ad\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25798162f0e3229e9754b28f5b6d9dd\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b01bf82d99cca42b8140884fb833583d\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d003678ca517c092dcbfba8eb093492a\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ea6d629845ae70ac07d65ff9663d723e\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.Controls.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()
========== Services (SafeList) ==========
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.url: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]
[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RDGM2N4Q.DEFAULT-1390948800390\EXTENSIONS\SPEEDDIAL@INSTAIR.NET
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2014/01/28 16:49:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/02 13:14:20 | 000,000,082 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 14:27:17 | 003,728,752 | R--- | M] (Western Digital)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/30 08:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Western_Digital
[2014/01/30 08:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/01/30 08:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2014/01/30 08:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2014/01/30 07:43:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/01/28 20:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\jan 2014 infection fix
[2014/01/28 16:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/30 10:42:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/30 08:30:48 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2014/01/30 08:14:05 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/30 08:12:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/30 08:12:17 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/30 08:12:17 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/30 07:57:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/30 07:53:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/30 07:53:35 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 16:49:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/30 08:30:47 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2014/01/30 07:53:35 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2014/01/30 08:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
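The two "Alternate Data Stream" entries under the Purity Check are worth verifying by hand before trusting any tool's verdict: OTL only reports that named NTFS streams exist on the TEMP directory and their sizes, not what they contain. The following PowerShell is an added example, not part of the thread or of OTL; it assumes Windows PowerShell 5.1 on Vista or later (the `-Stream` parameter needs PowerShell 3.0+, so the XP machine in this log would need the Sysinternals `streams` tool instead), and the target path is an assumption taken from the log's XP-style location.

```powershell
# Added example (not from the thread or OTL): enumerate and inspect NTFS alternate data
# streams on the directory OTL flagged. Assumes Windows PowerShell 5.1.
# The path is an assumption: the log shows the XP location
# 'C:\Documents and Settings\All Users\Application Data\TEMP';
# on Vista and later the same folder is 'C:\ProgramData\TEMP'.
param([string]$Path = 'C:\Documents and Settings\All Users\Application Data\TEMP')

function Get-AltStreamReport {
    param([Parameter(Mandatory)][string]$Target)

    # Get-Item -Stream * lists every named stream on a file or directory.
    # ':$DATA' is the ordinary unnamed data stream of a file and is not interesting here.
    Get-Item -LiteralPath $Target -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $name  = $_.Stream
            $bytes = Get-Content -LiteralPath $Target -Stream $name -Encoding Byte -ReadCount 0
            if (-not $bytes) { $bytes = [byte[]]@() }   # zero-length stream

            # A printable preview is usually enough to tell benign metadata
            # (e.g. Zone.Identifier text) from an embedded payload.
            $preview = ''
            if ($bytes.Length -gt 0) {
                $last    = [Math]::Min(63, $bytes.Length - 1)
                $preview = -join ($bytes[0..$last] | ForEach-Object {
                    if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } })
            }

            $ms = [System.IO.MemoryStream]::new($bytes)
            try {
                $hash = (Get-FileHash -InputStream $ms -Algorithm SHA256).Hash
            } finally {
                $ms.Dispose()
            }

            [pscustomobject]@{
                Stream  = $name
                Length  = $_.Length      # should match the byte counts OTL reported
                Sha256  = $hash          # lets you look the content up or compare across machines
                Preview = $preview
            }
        }
}

Get-AltStreamReport -Target $Path | Format-Table -AutoSize
```

The reported `Length` values should line up with OTL's 120 and 119 bytes; a short, mostly printable stream on a shared TEMP folder is typically application bookkeeping, while a stream holding a PE header (`MZ` at the start of the preview) or several kilobytes of high-entropy data on an otherwise empty directory is the kind of thing to pull for analysis before running any cleanup tool that deletes streams wholesale.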
You're fine,
You can delete this C:\Qoobox
Drag Combofix to the trash
How is everything running now ?
Kman1566
2014-01-30, 19:06
Seems to be good except I am still unable to Disable my "Local Area Connection" by right clicking the icon and selecting disable. I get an "ERROR DISABLING CONNECTION" message that states the connection may be using one or more protocols that do not support Plug-and-Play or that it may have been initiated by another user or system account. This just seems odd as I never saw this message before. I went to "show all connections" and attempted to delete it in order to create a new one and received the same message. Should I be concerned?
No, not sure what's up with that. If you're concerned you can post at WhatTheTech in their networking forum, as all we do on this one is malware removal. Like Safer, it's free, but you will need to register and create an account.
http://forums.whatthetech.com/index.php?showforum=128
Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.
Malwarebytes is the free version and is yours to keep; it will not be removed.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Kman1566
2014-01-30, 19:31
Will do. Also, I did check the McAfee forums and there does seem to be a lot of updating issues, so I will continue with their online support.
Thanks again for all your help, time and patience,
Gratefully,
Kman1566
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.