
Thread: malware has removed the desktop icons

  1. #31
    Member; Join Date: Feb 2008; Posts: 30

    Hi OCD,

    I have a question or two before I start.

    You said that I need to have the XP product key. However, my Dell computer did not come with disks. My system has an on board “Dell PC Restore” option. This is what the manual says about it:

    Using Dell™ PC Restore by Symantec
    NOTE: Dell PC Restore is not available in all countries.
    Use Dell PC Restore by Symantec only as the last method to restore your operating system. PC Restore restores your hard drive to the operating state it was in when you purchased the computer. Any programs or files added since you received your computer—including data files—are permanently deleted from the hard drive. Data files include documents, spreadsheets, e-mail messages, digital photos, music files, and so on. If possible, back up all data before using PC Restore.
    NOTICE: Using PC Restore permanently deletes all data on the hard drive and removes any applications or drivers installed after you received your computer. If possible, back up the data before using PC Restore.


    If this isn’t good enough, the two CDs I have (obtained from friends) are:

    1. “Microsoft Windows XP Professional, Version 2002”, my friend just had the disk without the sleeve. I have no product key.
    2. “Dell Reinstallation CD, Microsoft Windows XP Professional Service Pack 2”…this disk came in a sleeve with a key on it. Key is only 20 characters long. Don’t know if this is the XP product key?

    Which do you think is my best option?

    fmy321

  2. #32
    Malware Team-Emeritus; Join Date: Sep 2012; Location: Florida, USA; Posts: 1,161

    Hi fmy321,

    Which do you think is my best option? My system has an on board “Dell PC Restore” option
    This would be the preferred method.

    If there are no other questions, feel free to start the Restore process when you are ready. Post back when you have completed it.

    You will still need to get the latest Windows updates as well as an Anti-Virus and Firewall before you go about re-installing any other software.

    =========================

    Good Luck!
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #33
    Member; Join Date: Feb 2008; Posts: 30

    Hi OCD,

    I performed the PC Restore. It seemed to go fine, except for one thing. The first thing I did after going through the XP startup process was to do a Windows Update. I tried several times, and rebooted and tried again. I keep getting an error from the Windows Update site (0x80190194). Do I need to download SP3 manually?

    fmy321

  4. #34
    Malware Team-Emeritus; Join Date: Sep 2012; Location: Florida, USA; Posts: 1,161

    Hi fmy321,

    Do I need to download SP3 manually?
    Yes, you probably need to do that before it will allow you to install the remainder of the updates required.

    Go here to download Windows XP SP3 - http://www.microsoft.com/download/en...aspx?&id=25129

    =========================
    OCD

  5. #35
    Member; Join Date: Feb 2008; Posts: 30

    Hi OCD,

    I now have all the Windows updates installed. I also have installed Comodo Firewall and Malwarebytes and updated both programs.

    Is there something else I should do? Should we check again to make sure the infections are gone?

    fmy321

  6. #36
    Malware Team-Emeritus; Join Date: Sep 2012; Location: Florida, USA; Posts: 1,161

    Hi fmy321,

    Which Anti-Virus did you install?

    =========================

    Since it is a clean install there shouldn't be any malware present. But if you'd like to check to be sure go ahead and run OTL.

    Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
    =========================

    In your next post please provide the following:

    • OTL.txt
    • Extras.txt
    OCD

  7. #37
    Member; Join Date: Feb 2008; Posts: 30

    Hi OCD,

    Sorry, I forgot to mention I installed McAfee anti-virus.

    Here is the otl.txt log.

    OTL logfile created on: 10/25/2013 8:19:19 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred Youngs\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.07 Mb Total Physical Memory | 456.96 Mb Available Physical Memory | 45.06% Memory free
    2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.26% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.21 Gb Total Space | 37.70 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
    Drive D: | 18.60 Gb Total Space | 3.16 Gb Free Space | 16.96% Space Free | Partition Type: NTFS

    Computer Name: FMYOFFICE | User Name: Fred Youngs | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cis.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
    PRC - C:\Program Files\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
    PRC - C:\Program Files\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
    PRC - C:\Program Files\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
    PRC - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    PRC - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe (COMODO)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Comodo\GeekBuddy\QtGui4.dll ()
    MOD - C:\Program Files\Comodo\GeekBuddy\QtCore4.dll ()
    MOD - C:\Program Files\Comodo\GeekBuddy\QtScript4.dll ()
    MOD - C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll ()
    MOD - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (CLPSLauncher) -- C:\Program Files\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
    SRV - (GeekBuddyRSP) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    SRV - (DragonUpdater) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
    SRV - (cmdvirth) -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
    SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Changer) -- File not found
    DRV - (bvrp_pci) -- File not found
    DRV - (HMD) -- C:\WINDOWS\system32\drivers\hmd.sys ()
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
    DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
    DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
    DRV - (CFRMD) -- C:\WINDOWS\system32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/10/25 08:12:30 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



    O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48B5C5D-B57B-4B8F-ABFC-7E92C03D5533}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48B5C5D-B57B-4B8F-ABFC-7E92C03D5533}: NameServer = 156.154.70.22,156.154.71.22
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/25 08:18:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
    [2013/10/25 08:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2013/10/25 08:09:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2013/10/25 07:56:00 | 000,066,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2013/10/25 07:55:59 | 000,343,920 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2013/10/25 07:55:59 | 000,091,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2013/10/25 07:55:59 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2013/10/25 07:55:59 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
    [2013/10/25 07:55:59 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2013/10/25 07:55:58 | 000,070,728 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2013/10/25 07:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2013/10/25 07:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
    [2013/10/25 07:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2013/10/24 15:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
    [2013/10/24 15:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
    [2013/10/24 15:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Malwarebytes
    [2013/10/24 15:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/10/24 15:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/10/24 15:04:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/10/24 15:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/10/24 15:02:36 | 000,000,000 | -H-D | C] -- C:\VTRoot
    [2013/10/24 14:57:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
    [2013/10/24 14:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
    [2013/10/24 14:56:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
    [2013/10/24 14:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
    [2013/10/24 14:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    [2013/10/24 14:54:42 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
    [2013/10/24 14:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\COMODO
    [2013/10/24 14:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2013/10/24 14:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2013/10/24 14:51:01 | 199,389,360 | ---- | C] (COMODO) -- C:\Documents and Settings\Fred Youngs\Desktop\cfw_installer.exe
    [2013/10/24 12:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2013/10/24 12:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
    [2013/10/24 12:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2013/10/24 12:10:39 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
    [2013/10/24 12:10:26 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
    [2013/10/24 12:10:25 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
    [2013/10/24 12:09:46 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2013/10/24 12:09:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
    [2013/10/24 12:09:02 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2013/10/24 12:08:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2013/10/24 12:08:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
    [2013/10/24 12:08:36 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
    [2013/10/24 12:08:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
    [2013/10/24 12:08:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
    [2013/10/24 12:08:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2013/10/24 12:07:16 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
    [2013/10/24 12:07:16 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2013/10/24 12:07:16 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
    [2013/10/24 12:07:04 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013/10/24 12:07:04 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
    [2013/10/24 12:06:59 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
    [2013/10/24 12:06:59 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
    [2013/10/24 12:06:59 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
    [2013/10/24 12:06:59 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
    [2013/10/24 12:05:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2013/10/24 12:05:27 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2013/10/24 12:05:19 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
    [2013/10/24 12:05:13 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
    [2013/10/24 12:04:28 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
    [2013/10/24 12:04:18 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
    [2013/10/24 12:03:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2013/10/24 12:02:19 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2013/10/24 12:02:18 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2013/10/24 12:02:18 | 002,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
    [2013/10/24 12:02:18 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2013/10/24 12:01:53 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [2013/10/24 11:59:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2013/10/24 11:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2013/10/24 09:13:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2013/10/24 09:13:36 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2013/10/24 09:13:35 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2013/10/24 09:13:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2013/10/24 09:13:34 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2013/10/24 09:13:31 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2013/10/24 09:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2013/10/24 09:00:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\IECompatCache
    [2013/10/24 08:59:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\PrivacIE
    [2013/10/24 08:58:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\IETldCache
    [2013/10/24 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2013/10/24 08:56:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2013/10/24 08:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\My Downloads
    [2013/10/24 08:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
    [2013/10/24 08:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
    [2013/10/24 08:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2013/10/24 08:42:15 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
    [2013/10/24 08:42:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
    [2013/10/24 08:42:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
    [2013/10/24 08:42:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
    [2013/10/24 08:42:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
    [2013/10/24 08:42:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
    [2013/10/24 08:42:05 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
    [2013/10/24 08:42:05 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
    [2013/10/24 08:42:05 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
    [2013/10/24 08:42:05 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
    [2013/10/24 08:42:05 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
    [2013/10/24 08:42:05 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
    [2013/10/24 08:42:05 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
    [2013/10/24 08:42:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
    [2013/10/24 08:42:05 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
    [2013/10/24 08:42:05 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
    [2013/10/24 08:42:05 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
    [2013/10/24 08:42:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
    [2013/10/24 08:42:04 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
    [2013/10/24 08:42:04 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
    [2013/10/24 08:42:04 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
    [2013/10/24 08:42:04 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
    [2013/10/24 08:42:04 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
    [2013/10/24 08:42:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
    [2013/10/24 08:42:04 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
    [2013/10/24 08:42:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
    [2013/10/24 08:42:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
    [2013/10/24 08:42:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
    [2013/10/24 08:42:03 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
    [2013/10/24 08:42:02 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
    [2013/10/24 08:42:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
    [2013/10/24 08:42:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
    [2013/10/24 08:42:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
    [2013/10/24 08:42:02 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
    [2013/10/24 08:42:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
    [2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
    [2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
    [2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
    [2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
    [2013/10/24 08:42:01 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
    [2013/10/24 08:42:01 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
    [2013/10/24 08:42:01 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
    [2013/10/24 08:42:01 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
    [2013/10/24 08:42:01 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
    [2013/10/24 08:42:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
    [2013/10/24 08:42:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
    [2013/10/24 08:42:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
    [2013/10/24 08:42:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
    [2013/10/24 08:42:01 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
    [2013/10/24 08:42:01 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
    [2013/10/24 08:42:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
    [2013/10/24 08:42:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
    [2013/10/24 08:42:00 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
    [2013/10/24 08:42:00 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
    [2013/10/24 08:42:00 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
    [2013/10/24 08:42:00 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
    [2013/10/24 08:42:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
    [2013/10/24 08:42:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
    [2013/10/24 08:42:00 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
    [2013/10/24 08:42:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
    [2013/10/24 08:42:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
    [2013/10/24 08:41:58 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
    [2013/10/24 08:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2013/10/24 08:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2013/10/24 08:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2013/10/24 08:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2013/10/24 08:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2013/10/24 08:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2013/10/24 08:38:15 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
    [2013/10/24 08:38:15 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
    [2013/10/24 08:38:15 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
    [2013/10/24 08:38:15 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
    [2013/10/24 08:38:15 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
    [2013/10/24 08:38:15 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
    [2013/10/24 08:38:15 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
    [2013/10/24 08:38:15 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
    [2013/10/24 08:38:15 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
    [2013/10/24 08:38:15 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
    [2013/10/24 08:38:15 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
    [2013/10/24 08:38:15 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
    [2013/10/24 08:38:15 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
    [2013/10/24 08:38:15 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
    [2013/10/24 08:38:15 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
    [2013/10/24 08:38:15 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
    [2013/10/24 08:38:15 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
    [2013/10/24 08:38:15 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
    [2013/10/24 08:38:15 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
    [2013/10/24 08:38:15 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
    [2013/10/24 08:38:15 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
    [2013/10/24 08:38:15 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
    [2013/10/24 08:38:15 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
    [2013/10/24 08:38:15 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
    [2013/10/24 08:38:15 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
    [2013/10/24 08:38:15 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
    [2013/10/24 08:38:15 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
    [2013/10/24 08:38:15 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
    [2013/10/24 08:38:15 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
    [2013/10/24 08:38:15 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
    [2013/10/24 08:38:15 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
    [2013/10/24 08:38:15 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
    [2013/10/24 08:38:15 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
    [2013/10/24 08:38:15 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
    [2013/10/24 08:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2013/10/24 08:38:14 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2013/10/24 08:38:14 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2013/10/24 08:38:14 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
    [2013/10/24 08:38:14 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
    [2013/10/24 08:38:13 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
    [2013/10/24 08:38:13 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2013/10/24 08:38:13 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
    [2013/10/24 08:38:13 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
    [2013/10/24 08:38:13 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
    [2013/10/24 08:38:13 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [2013/10/24 08:38:13 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
    [2013/10/24 08:38:13 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
    [2013/10/24 08:38:13 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
    [2013/10/24 08:38:13 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
    [2013/10/24 08:38:13 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
    [2013/10/24 08:38:13 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
    [2013/10/24 08:38:13 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
    [2013/10/24 08:38:13 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
    [2013/10/24 08:38:13 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
    [2013/10/24 08:38:13 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
    [2013/10/24 08:38:13 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
    [2013/10/24 08:38:13 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
    [2013/10/24 08:38:13 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
    [2013/10/24 08:37:21 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2013/10/24 08:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2013/10/24 08:32:40 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
    [2013/10/23 16:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Macromedia
    [2013/10/23 16:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
    [2013/10/23 16:12:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\UserData
    [2013/10/23 16:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\McAfee.com Personal Firewall
    [2013/10/23 16:10:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft
    [2013/10/23 16:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\SendTo
    [2013/10/23 16:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\Recent
    [2013/10/23 16:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\Application Data
    [2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\My Pictures
    [2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\My Music
    [2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\My Documents
    [2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Favorites
    [2013/10/23 16:10:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\Cookies
    [2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\PrintHood
    [2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\NetHood
    [2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings
    [2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Gtek
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Wildtangent
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Symantec
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Sun
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Musicmatch
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Identities
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Desktop
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Corel
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\CCWin
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\BVRP Software
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\ApplicationHistory
    [2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    [2013/10/23 16:10:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Startup
    [2013/10/23 16:10:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu
    [2013/10/23 16:10:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Accessories
    [2013/10/23 16:10:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\Templates
    [2013/10/23 16:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Dell Accessories
    [2013/10/23 16:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Dell
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/25 08:18:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
    [2013/10/25 08:17:58 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    [2013/10/25 08:09:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/10/25 08:09:56 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/24 15:15:48 | 000,093,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\fvstore.dat
    [2013/10/24 15:13:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/10/24 15:09:39 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
    [2013/10/24 15:09:39 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2013/10/24 15:08:15 | 000,001,394 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\Media Center.lnk
    [2013/10/24 15:05:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/24 14:57:21 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2013/10/24 14:57:21 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual Comodo Dragon.lnk
    [2013/10/24 14:57:21 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
    [2013/10/24 14:56:25 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
    [2013/10/24 14:56:06 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
    [2013/10/24 14:54:49 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2013/10/24 13:05:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/10/24 12:50:39 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/24 12:50:39 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/24 12:46:28 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/24 11:04:07 | 000,275,181 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsUpdateDiagnostic.diagcab
    [2013/10/24 09:13:26 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
    [2013/10/24 08:58:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/10/24 08:51:06 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2013/10/24 08:38:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2013/10/24 08:32:05 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2013/10/23 16:56:10 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
    [2013/10/23 16:27:49 | 000,034,400 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
    [2013/10/23 16:10:39 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\Windows Media Player.lnk
    [2013/10/23 16:10:38 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2013/10/23 16:10:19 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2013/10/23 16:10:15 | 000,000,209 | RHS- | M] () -- C:\boot.ini
    [2013/10/23 16:02:25 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2013/10/23 10:42:18 | 199,389,360 | ---- | M] (COMODO) -- C:\Documents and Settings\Fred Youngs\Desktop\cfw_installer.exe
    [2013/10/04 04:15:06 | 000,014,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\hmd.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/25 07:52:12 | 102,199,296 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\McAfee87i.exe
    [2013/10/24 15:05:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/24 15:02:37 | 000,093,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\fvstore.dat
    [2013/10/24 14:58:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    [2013/10/24 14:57:21 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2013/10/24 14:57:21 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual Comodo Dragon.lnk
    [2013/10/24 14:57:21 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
    [2013/10/24 14:55:02 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
    [2013/10/24 14:55:02 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2013/10/24 14:54:49 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2013/10/24 13:04:24 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2013/10/24 12:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/10/24 12:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2013/10/24 11:04:02 | 000,275,181 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsUpdateDiagnostic.diagcab
    [2013/10/24 08:55:33 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
    [2013/10/24 08:38:15 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2013/10/24 08:38:14 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2013/10/24 08:38:13 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2013/10/24 08:32:05 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
    [2013/10/23 16:10:39 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\Windows Media Player.lnk
    [2013/10/23 16:10:34 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
    [2013/10/23 16:10:34 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
    [2013/10/23 16:10:34 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
    [2013/10/23 16:10:34 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2013/10/23 16:10:34 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/10/23 16:10:34 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2013/10/23 16:10:34 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
    [2013/10/23 16:10:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2013/10/23 16:10:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Remote Assistance.lnk
    [2013/10/23 16:10:33 | 000,001,394 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\Media Center.lnk
    [2013/10/23 16:10:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Internet Explorer.lnk
    [2013/10/23 16:10:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Windows Media Player.lnk
    [2013/10/23 16:10:33 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Outlook Express.lnk
    [2013/10/23 16:10:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\fusioncache.dat
    [2013/10/23 16:02:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2013/10/04 04:15:06 | 000,014,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmd.sys

    ========== ZeroAccess Check ==========

    [2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2013/10/24 14:57:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
    [2006/05/04 15:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    ========== Purity Check ==========



    < End of report >

  8. #38
    Member
    Join Date
    Feb 2008
    Posts
    30

    Here is the extras log:

    OTL Extras logfile created on: 10/25/2013 8:19:19 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred Youngs\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.07 Mb Total Physical Memory | 456.96 Mb Available Physical Memory | 45.06% Memory free
    2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.26% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.21 Gb Total Space | 37.70 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
    Drive D: | 18.60 Gb Total Space | 3.16 Gb Free Space | 16.96% Space Free | Partition Type: NTFS

    Computer Name: FMYOFFICE | User Name: Fred Youngs | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe" = C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe:*:Enabled:restart_helper.exe -- (Comodo Security Solutions, Inc.)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40F962CF-3C1E-44EB-A319-5590BEEB90CF}" = COMODO Firewall
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}" = GeekBuddy
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Comodo Dragon" = Comodo Dragon
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESPNMotion" = ESPNMotion
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/23/2013 4:37:03 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/23/2013 4:37:04 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/23/2013 4:37:05 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1001
    Description = Fault bucket 126637809.

    Error - 10/23/2013 4:44:13 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/23/2013 4:49:20 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/23/2013 4:49:52 PM | Computer Name = FMYOFFICE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.2802, fault address 0x000719e8.

    Error - 10/23/2013 4:50:08 PM | Computer Name = FMYOFFICE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.2802, fault address 0x000719e8.

    Error - 10/23/2013 4:52:21 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/23/2013 4:54:53 PM | Computer Name = FMYOFFICE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.2802, fault address 0x000719e8.


    < End of report >


    Let me know what comes next. Thanks,
    fmy321

  9. #39
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi fmy321,

    The logs look good. How does the computer seem to be running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #40
    Member
    Join Date
    Feb 2008
    Posts
    30

    Hi OCD,

    Start up was quite fast right after the re-install. Start up is slower now that I have loaded Comodo and McAfee, but not really any different than before the infection. I also haven't loaded Microsoft Office yet, but I don't expect to have any problems with it.

    Is there anything else I should check?

    fmy321
