
HELP REMOVE FakeAlert!fakealert-REP


  • This topic is locked

#1
xochitlzin

    New Member

  • Member
  • 9 posts
Hi! My computer has been infected with this virus for the second time, I have not identified the source. Stinger10101619 identified it as FakeAlert!fakealert-REP; the first time the PC was infected (in April) I hired McAfee to remove it; this time I've used the SUPERantivirus free edition which appeared to repair the issue for 1 day but the symptoms reappeared.
Symptoms are a fake alert that warns my system is being attacked, a screen pops up and begins to run a scan that immediately identifies numerous viruses and other maladies. I cannot run McAfee's total protection scan or access the internet.

I have 4 profiles in this computer and it began in the administrator account, a second account worked well for a couple of days but now I cannot access the internet on it as well. I'm currently working off our guest account.

Please help, I cannot afford another 89+ tax, I will follow all your instructions with great detail.

Here's the OTL reading:

OTL logfile created on: 5/26/2011 11:17:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Guest\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 52.52% Memory free
5.75 Gb Paging File | 4.18 Gb Available in Paging File | 72.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 175.65 Gb Free Space | 61.32% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.63% Space Free | Partition Type: NTFS

Computer Name: TROELSTRUPPC | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 11:16:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Downloads\OTL.exe
PRC - [2011/05/01 08:13:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/15 11:20:54 | 000,223,400 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/07/19 11:33:58 | 000,606,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfeeMOBK\WrapperTrayIcon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/09/30 16:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/29 22:57:42 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
PRC - [2007/04/29 22:55:32 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 11:16:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Downloads\OTL.exe
MOD - [2011/05/12 03:02:13 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/05/12 03:02:13 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2011/04/15 19:33:08 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/12/15 11:20:56 | 000,383,656 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 C9 D6 7E DA 1A CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 03:06:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/15 19:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 07:30:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 15:53:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 20:43:40 | 000,000,000 | ---D | M]

[2011/01/17 19:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest\AppData\Roaming\Mozilla\Extensions
[2011/01/17 19:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\rwsaxmjo.default\extensions
[2011/04/19 19:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 06:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/25 07:30:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/15 19:33:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/01 08:13:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/11/20 22:38:50 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110509155355.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 05:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/25 14:56:36 | 003,350,512 | ---- | C] (McAfee, Inc.) -- C:\Users\Guest\Desktop\SecurityScan_Release.exe
[2011/05/25 14:42:48 | 007,267,847 | ---- | C] (McAfee Inc.) -- C:\Users\Guest\Desktop\stinger10101619.exe
[2011/05/25 13:21:56 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Citrix
[2011/05/25 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Deployment
[2011/05/25 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Apps
[2011/05/25 07:48:52 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/23 16:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/23 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/11 18:45:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/11 06:23:26 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 06:23:25 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 06:23:20 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 06:23:19 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/02 17:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DRPU Barcode Label Maker (Professional)
[2011/05/02 17:14:01 | 000,415,176 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\COMCT332.OCX
[2011/05/02 17:14:01 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2011/05/02 17:14:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011/05/02 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Naxter
[2011/04/29 18:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2011/04/29 18:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2011/04/29 18:14:34 | 000,028,776 | ---- | C] (TuneClone Software) -- C:\Windows\System32\drivers\tclondrv.sys
[2011/04/29 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\TuneClone
[2011/04/28 22:27:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/04/28 17:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/04/28 17:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2011/04/28 17:56:40 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/04/27 09:38:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/04/27 09:38:04 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/04/27 09:38:03 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/04/27 09:38:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/04/27 09:37:41 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 09:37:36 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/02 10:45:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2010/10/02 10:45:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2010/10/02 10:45:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2010/10/02 10:45:52 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2010/10/02 10:45:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2010/10/02 10:45:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2010/10/02 10:45:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2010/10/02 10:45:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2010/10/02 10:45:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[2010/10/02 10:45:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2010/10/02 10:45:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
[2010/10/02 10:45:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2010/10/02 10:45:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
[2010/10/02 10:45:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2010/10/02 10:45:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 11:02:00 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 11:02:00 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 05:24:35 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/05/26 05:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/26 05:22:01 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 22:57:37 | 000,008,618 | -HS- | M] () -- C:\ProgramData\t2342bpnbb47w8
[2011/05/25 19:55:25 | 000,000,012 | ---- | M] () -- C:\Users\Guest\Desktop\stinger10101619.opt
[2011/05/25 14:57:19 | 003,350,512 | ---- | M] (McAfee, Inc.) -- C:\Users\Guest\Desktop\SecurityScan_Release.exe
[2011/05/25 14:50:38 | 000,668,792 | ---- | M] () -- C:\Users\Guest\Desktop\bremove.exe
[2011/05/25 14:45:41 | 000,669,304 | ---- | M] () -- C:\Users\Guest\Desktop\kremove.exe
[2011/05/25 14:43:53 | 007,267,847 | ---- | M] (McAfee Inc.) -- C:\Users\Guest\Desktop\stinger10101619.exe
[2011/05/25 13:21:55 | 000,103,784 | ---- | M] () -- C:\Users\Guest\GoToAssistDownloadHelper.exe
[2011/05/25 08:09:26 | 000,093,149 | ---- | M] () -- C:\Users\Guest\Desktop\APPLICATION marshall.pdf
[2011/05/25 07:45:58 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
[2011/05/23 16:42:57 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/23 16:42:27 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 16:42:27 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 12:10:59 | 000,130,552 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/05/21 08:50:25 | 000,007,996 | -HS- | M] () -- C:\ProgramData\605mcc14d74nw837
[2011/04/28 17:58:50 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/04/28 09:00:00 | 000,028,776 | ---- | M] (TuneClone Software) -- C:\Windows\System32\drivers\tclondrv.sys
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 19:55:25 | 000,000,012 | ---- | C] () -- C:\Users\Guest\Desktop\stinger10101619.opt
[2011/05/25 14:50:33 | 000,668,792 | ---- | C] () -- C:\Users\Guest\Desktop\bremove.exe
[2011/05/25 14:45:34 | 000,669,304 | ---- | C] () -- C:\Users\Guest\Desktop\kremove.exe
[2011/05/25 13:21:52 | 000,103,784 | ---- | C] () -- C:\Users\Guest\GoToAssistDownloadHelper.exe
[2011/05/25 08:09:25 | 000,093,149 | ---- | C] () -- C:\Users\Guest\Desktop\APPLICATION marshall.pdf
[2011/05/25 07:45:58 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
[2011/05/24 22:17:50 | 000,008,618 | -HS- | C] () -- C:\ProgramData\t2342bpnbb47w8
[2011/05/23 16:42:57 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 12:10:59 | 000,130,552 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/20 10:02:57 | 000,007,996 | -HS- | C] () -- C:\ProgramData\605mcc14d74nw837
[2011/04/28 17:58:50 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/04/24 10:27:35 | 000,008,634 | -HS- | C] () -- C:\Users\Guest\AppData\Local\p035dbpjt3svb8585w6y4q3422bq336n0wyhmjh
[2011/04/24 10:27:35 | 000,008,634 | -HS- | C] () -- C:\ProgramData\p035dbpjt3svb8585w6y4q3422bq336n0wyhmjh
[2011/04/23 15:24:40 | 000,007,468 | -HS- | C] () -- C:\ProgramData\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
[2011/04/19 15:47:44 | 000,010,654 | -HS- | C] () -- C:\ProgramData\kb3d4720c61k408a38l6xyp5885epa3y3yi
[2010/10/31 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\GStar.INI
[2010/10/02 10:45:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2010/03/12 20:14:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/23 23:22:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Digital Basic
[2010/02/23 23:22:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/02/23 23:17:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dialogs
[2010/02/23 23:17:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,313,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005/03/13 14:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll
[1999/02/22 18:27:36 | 000,280,064 | ---- | C] () -- C:\Windows\System32\Cncs232.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:41C283B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I am unable to work from the guest account as it does not have sufficient permissions. I would like you to log into the administrator account and run the following programmes please.
RogueKiller will only stop the malware initially, so if you reboot you will need to run it again.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
xochitlzin

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thank you very much for your reply; I ran RogueKiller and here's the report:


RogueKiller V5.1.8 [05/27/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Boss [Admin rights]
Mode: Scan -- Date : 05/28/2011 12:44:27

Bad processes: 1
[SUSP PATH] visicom_antiphishing.exe -- c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe -> KILLED

Registry Entries: 5
[SUSP PATH] HKLM\[...]\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\Boss\AppData\Local\kae.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Users\Boss\AppData\Local\kae.exe" -a "%1" %*) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt

Once that was completed, I attempted to scan w/ OTL 3 times, but the scan never completed, it seemed like it "jammed" at the same spot.

Please let me know if I should attempt a different procedure; FYI, since my post, my son ran a malware remover which seemed to have cleared some things up, but not very sure the virus is gone. Thank you.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run RogueKiller again but this time select option 2 and verify.

Then try OTL again but this time change the extension from exe to scr... If you are not sure how to do that then download this copy that is already renamed. Do not use the custom script this time though.

Download OTL to your Desktop

#5
xochitlzin

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thank you, here's the OTL report:

OTL logfile created on: 5/30/2011 10:29:20 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Boss\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 66.64% Memory free
5.75 Gb Paging File | 4.50 Gb Available in Paging File | 78.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 180.02 Gb Free Space | 62.84% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.63% Space Free | Partition Type: NTFS

Computer Name: TROELSTRUPPC | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 10:29:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Downloads\OTL (3).scr
PRC - [2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\Windows\System32\KBDINHIN32.exe
PRC - [2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\azroleui32.exe
PRC - [2011/05/28 12:48:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
PRC - [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/15 19:32:21 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 14:03:08 | 001,151,488 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/09/30 16:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/29 22:57:42 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
PRC - [2007/04/29 22:55:32 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
PRC - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 10:29:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Downloads\OTL (3).scr
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) [Auto | Running] -- C:\Windows\System32\KBDINHIN32.exe -- (AeLookupSvc32)
SRV - [2011/05/17 21:55:02 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/06 04:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/28 09:00:00 | 000,028,776 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/17 13:15:28 | 000,063,080 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7C 0B E9 01 E5 74 AF 41 8E A1 BB 98 43 DE 2C F8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7C 0B E9 01 E5 74 AF 41 8E A1 BB 98 43 DE 2C F8 [binary data]

IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://edition.cnn.com/
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 49 79 84 F7 BB CB 01 [binary data]
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7C 0B E9 01 E5 74 AF 41 8E A1 BB 98 43 DE 2C F8 [binary data]
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 03:06:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/28 12:33:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/18 11:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 15:53:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 20:43:40 | 000,000,000 | ---D | M]

[2010/11/20 22:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\Mozilla\Extensions
[2011/05/30 10:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions
[2011/04/23 09:41:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/29 18:53:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\{6aa2bffd-4df5-49ae-a6ed-2b827b093399}
[2011/05/30 10:25:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\{6eb9a08d-ace1-4979-bcb0-0306880a699f}
[2011/05/29 17:57:20 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\[email protected]
[2010/11/20 22:38:48 | 000,001,832 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\searchplugins\bing.xml
[2011/04/19 19:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 06:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/18 11:57:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/05/28 12:33:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\BOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FKT66DFF.DEFAULT\EXTENSIONS\[email protected]
[2011/05/01 08:13:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/11/20 22:38:50 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/05/28 14:23:57 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {01E90B7C-74E5-41AF-8EA1-BB9843DE2CF8} - C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110509155355.dll (McAfee, Inc.)
O2 - BHO: (ccbf94f9) - {A5CD26AF-57E0-EE2D-11E2-74A1A274297A} - C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [McPvTray] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003..\Run: [Weather] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 10:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/29 18:53:26 | 000,776,704 | ---- | C] (CrypKey Inc.) -- C:\ProgramData\azroleui32.exe
[2011/05/29 18:53:24 | 000,776,704 | ---- | C] (CrypKey Inc.) -- C:\Windows\System32\KBDINHIN32.exe
[2011/05/28 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\GlarySoft
[2011/05/28 18:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/05/28 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/05/28 18:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/05/28 17:50:08 | 008,680,280 | ---- | C] (Glarysoft Ltd ) -- C:\Users\Boss\Desktop\gusetup.exe
[2011/05/28 17:45:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/28 17:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 17:45:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 17:43:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Boss\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/28 15:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/28 14:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/05/28 12:47:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2011/05/28 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Boss\Desktop\RK_Quarantine
[2011/05/28 12:43:13 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/26 14:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/23 16:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/23 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/19 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\{69DED0ED-F088-4D6C-882F-EC5834D1748C}
[2011/05/11 18:45:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/11 06:23:26 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 06:23:25 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 06:23:20 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 06:23:19 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/10 12:05:29 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\{A50A75E6-CF88-4E4F-819B-C80EEFD0C347}
[2011/05/09 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Boss\Desktop\USB Stuff
[2011/05/07 17:51:31 | 000,000,000 | ---D | C] -- C:\Users\Boss\Documents\LETRAS LYRICS
[2011/05/07 14:29:09 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\{0B1C6648-26D7-4ABB-9613-11660BFB72BD}
[2011/05/02 17:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DRPU Barcode Label Maker (Professional)
[2011/05/02 17:14:01 | 000,415,176 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\COMCT332.OCX
[2011/05/02 17:14:01 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2011/05/02 17:14:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011/05/02 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Naxter
[2011/05/01 18:30:42 | 000,000,000 | ---D | C] -- C:\Users\Boss\Documents\4ept_latest
[2010/10/02 10:45:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2010/10/02 10:45:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2010/10/02 10:45:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2010/10/02 10:45:52 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2010/10/02 10:45:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2010/10/02 10:45:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2010/10/02 10:45:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2010/10/02 10:45:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2010/10/02 10:45:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[2010/10/02 10:45:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2010/10/02 10:45:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
[2010/10/02 10:45:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2010/10/02 10:45:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
[2010/10/02 10:45:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2010/10/02 10:45:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 10:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/30 10:11:28 | 000,014,816 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 10:11:28 | 000,014,816 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 10:04:12 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/30 10:04:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/30 10:04:01 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/05/30 10:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 10:03:25 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 18:53:26 | 000,167,936 | ---- | M] () -- C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll
[2011/05/29 18:53:26 | 000,000,117 | ---- | M] () -- C:\Windows\System32\1180881883
[2011/05/29 18:53:22 | 000,365,568 | ---- | M] () -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
[2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\Windows\System32\KBDINHIN32.exe
[2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\azroleui32.exe
[2011/05/28 18:13:19 | 000,001,030 | ---- | M] () -- C:\Users\Boss\Desktop\Glary Utilities.lnk
[2011/05/28 17:45:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 15:39:34 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/28 12:48:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2011/05/28 12:42:23 | 000,485,888 | ---- | M] () -- C:\Users\Boss\Desktop\RogueKiller.exe
[2011/05/26 13:52:25 | 000,008,630 | -HS- | M] () -- C:\Users\Boss\AppData\Local\t2342bpnbb47w8
[2011/05/26 13:52:25 | 000,008,630 | -HS- | M] () -- C:\ProgramData\t2342bpnbb47w8
[2011/05/25 20:23:07 | 000,001,301 | ---- | M] () -- C:\Users\Boss\.recently-used.xbel
[2011/05/25 08:20:47 | 000,002,616 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\E0A2.9A8
[2011/05/24 07:50:11 | 000,102,824 | ---- | M] () -- C:\Users\Boss\Desktop\KPR_Summer pg 16 Registration Forms.pdf
[2011/05/24 07:33:12 | 002,400,502 | ---- | M] () -- C:\Users\Boss\Desktop\KPR_Summer pg 3 Special Events.pdf
[2011/05/21 08:50:25 | 000,007,996 | -HS- | M] () -- C:\Users\Boss\AppData\Local\605mcc14d74nw837
[2011/05/21 08:50:25 | 000,007,996 | -HS- | M] () -- C:\ProgramData\605mcc14d74nw837
[2011/05/12 06:32:16 | 000,045,809 | ---- | M] () -- C:\Users\Boss\Desktop\phone List2.pdf
[2011/05/09 21:12:10 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/09 21:12:10 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 16:43:07 | 000,006,144 | ---- | M] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 08:13:44 | 000,002,004 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 18:53:26 | 000,167,936 | ---- | C] () -- C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll
[2011/05/29 18:53:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\1180881883
[2011/05/29 18:53:22 | 000,365,568 | ---- | C] () -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
[2011/05/28 18:13:23 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/28 18:13:19 | 000,001,030 | ---- | C] () -- C:\Users\Boss\Desktop\Glary Utilities.lnk
[2011/05/28 17:49:56 | 000,504,657 | ---- | C] () -- C:\Users\Boss\Desktop\unhide.exe
[2011/05/28 17:45:20 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 15:39:34 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/28 12:42:22 | 000,485,888 | ---- | C] () -- C:\Users\Boss\Desktop\RogueKiller.exe
[2011/05/25 20:23:07 | 000,001,301 | ---- | C] () -- C:\Users\Boss\.recently-used.xbel
[2011/05/24 22:17:50 | 000,008,630 | -HS- | C] () -- C:\Users\Boss\AppData\Local\t2342bpnbb47w8
[2011/05/24 22:17:50 | 000,008,630 | -HS- | C] () -- C:\ProgramData\t2342bpnbb47w8
[2011/05/24 22:17:43 | 000,002,616 | ---- | C] () -- C:\Users\Boss\AppData\Roaming\E0A2.9A8
[2011/05/24 07:50:11 | 000,102,824 | ---- | C] () -- C:\Users\Boss\Desktop\KPR_Summer pg 16 Registration Forms.pdf
[2011/05/24 07:33:12 | 002,400,502 | ---- | C] () -- C:\Users\Boss\Desktop\KPR_Summer pg 3 Special Events.pdf
[2011/05/20 10:02:57 | 000,007,996 | -HS- | C] () -- C:\Users\Boss\AppData\Local\605mcc14d74nw837
[2011/05/20 10:02:57 | 000,007,996 | -HS- | C] () -- C:\ProgramData\605mcc14d74nw837
[2011/05/12 06:32:16 | 000,045,809 | ---- | C] () -- C:\Users\Boss\Desktop\phone List2.pdf
[2011/05/02 19:27:47 | 000,006,144 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 10:27:35 | 000,008,634 | -HS- | C] () -- C:\ProgramData\p035dbpjt3svb8585w6y4q3422bq336n0wyhmjh
[2011/04/23 15:24:40 | 000,007,468 | -HS- | C] () -- C:\ProgramData\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
[2011/04/23 15:24:40 | 000,007,460 | -HS- | C] () -- C:\Users\Boss\AppData\Local\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
[2011/04/19 15:47:44 | 000,010,654 | -HS- | C] () -- C:\Users\Boss\AppData\Local\kb3d4720c61k408a38l6xyp5885epa3y3yi
[2011/04/19 15:47:44 | 000,010,654 | -HS- | C] () -- C:\ProgramData\kb3d4720c61k408a38l6xyp5885epa3y3yi
[2010/10/31 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\GStar.INI
[2010/10/02 10:45:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2010/03/12 20:14:49 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/23 23:22:20 | 000,000,268 | R--- | C] () -- C:\ProgramData\Digital Basic
[2010/02/23 23:22:20 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/02/23 23:17:33 | 000,000,268 | R--- | C] () -- C:\ProgramData\Dialogs
[2010/02/23 23:17:33 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,313,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005/03/13 14:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll
[1999/02/22 18:27:36 | 000,280,064 | ---- | C] () -- C:\Windows\System32\Cncs232.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:41C283B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of these runs, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    [2011/05/29 18:53:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\{6aa2bffd-4df5-49ae-a6ed-2b827b093399}
    [2011/05/30 10:25:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\{6eb9a08d-ace1-4979-bcb0-0306880a699f}
    O2 - BHO: (no name) - {01E90B7C-74E5-41AF-8EA1-BB9843DE2CF8} - C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll ()
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (ccbf94f9) - {A5CD26AF-57E0-EE2D-11E2-74A1A274297A} - C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll ()
    O3 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll ()
    [2011/05/29 18:53:26 | 000,776,704 | ---- | C] (CrypKey Inc.) -- C:\ProgramData\azroleui32.exe
    [2011/05/29 18:53:24 | 000,776,704 | ---- | C] (CrypKey Inc.) -- C:\Windows\System32\KBDINHIN32.exe
    [2011/05/29 18:53:26 | 000,167,936 | ---- | M] () -- C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll
    [2011/05/29 18:53:26 | 000,000,117 | ---- | M] () -- C:\Windows\System32\1180881883
    [2011/05/29 18:53:22 | 000,365,568 | ---- | M] () -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
    [2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\Windows\System32\KBDINHIN32.exe
    [2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\azroleui32.exe
    [2011/05/26 13:52:25 | 000,008,630 | -HS- | M] () -- C:\Users\Boss\AppData\Local\t2342bpnbb47w8
    [2011/05/26 13:52:25 | 000,008,630 | -HS- | M] () -- C:\ProgramData\t2342bpnbb47w8
    [2011/05/25 08:20:47 | 000,002,616 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\E0A2.9A8
    [2011/05/21 08:50:25 | 000,007,996 | -HS- | M] () -- C:\Users\Boss\AppData\Local\605mcc14d74nw837
    [2011/05/21 08:50:25 | 000,007,996 | -HS- | M] () -- C:\ProgramData\605mcc14d74nw837
    [2011/05/29 18:53:26 | 000,167,936 | ---- | C] () -- C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll
    [2011/05/29 18:53:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\1180881883
    [2011/05/29 18:53:22 | 000,365,568 | ---- | C] () -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
    [2011/05/24 22:17:50 | 000,008,630 | -HS- | C] () -- C:\Users\Boss\AppData\Local\t2342bpnbb47w8
    [2011/05/24 22:17:50 | 000,008,630 | -HS- | C] () -- C:\ProgramData\t2342bpnbb47w8
    [2011/05/24 22:17:43 | 000,002,616 | ---- | C] () -- C:\Users\Boss\AppData\Roaming\E0A2.9A8
    [2011/05/20 10:02:57 | 000,007,996 | -HS- | C] () -- C:\Users\Boss\AppData\Local\605mcc14d74nw837
    [2011/05/20 10:02:57 | 000,007,996 | -HS- | C] () -- C:\ProgramData\605mcc14d74nw837
    [2011/04/24 10:27:35 | 000,008,634 | -HS- | C] () -- C:\ProgramData\p035dbpjt3svb8585w6y4q3422bq336n0wyhmjh
    [2011/04/23 15:24:40 | 000,007,468 | -HS- | C] () -- C:\ProgramData\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
    [2011/04/23 15:24:40 | 000,007,460 | -HS- | C] () -- C:\Users\Boss\AppData\Local\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
    [2011/04/19 15:47:44 | 000,010,654 | -HS- | C] () -- C:\Users\Boss\AppData\Local\kb3d4720c61k408a38l6xyp5885epa3y3yi
    [2011/04/19 15:47:44 | 000,010,654 | -HS- | C] () -- C:\ProgramData\kb3d4720c61k408a38l6xyp5885epa3y3yi


    :Files
    ipconfig /flushdns /c
    C:\Users\Boss\AppData\Local\t2342bpnbb47w8
    C:\ProgramData\t2342bpnbb47w8
    C:\Users\Boss\AppData\Roaming\E0A2.9A8
    C:\Users\Boss\AppData\Local\605mcc14d74nw837
    C:\ProgramData\605mcc14d74nw837
    C:\ProgramData\p035dbpjt3svb8585w6y4q3422bq336n0wyhmjh
    C:\ProgramData\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
    C:\Users\Boss\AppData\Local\o0sd122fjvcq817q7r722h74dfs2m7kd5d185pd472
    C:\Users\Boss\AppData\Local\kb3d4720c61k408a38l6xyp5885epa3y3yi
    C:\ProgramData\kb3d4720c61k408a38l6xyp5885epa3y3yi

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

FINALLY

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
xochitlzin

    New Member

  • Topic Starter
  • Member
  • 9 posts
OK, I'm currently working on the latest set of instructions. I ran the OTL with the quote under custom scans/fixes; thereafter it prompted me to reboot, which I did, but the system did not reach the account log-in screen; it displayed a black background and the cursor only. I turned off the PC and rebooted via safe mode (in which I am operating now).

Should I proceed with the rest of the instructions or do you need me to try something new? I appreciate all your help.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run this fix in safe mode and then retry booting to normal, please.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/05/29 18:53:21 | 000,776,704 | ---- | M] (CrypKey Inc.) [Auto | Running] -- C:\Windows\System32\KBDINHIN32.exe -- (AeLookupSvc32)


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
xochitlzin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, here's the Quick scan OTL log:


OTL logfile created on: 5/31/2011 7:35:30 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Boss\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 71.09% Memory free
5.75 Gb Paging File | 4.57 Gb Available in Paging File | 79.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 183.86 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.63% Space Free | Partition Type: NTFS

Computer Name: TROELSTRUPPC | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 12:48:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
PRC - [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/15 19:32:21 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 14:03:08 | 001,151,488 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2010/12/15 11:20:54 | 000,223,400 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/09/30 16:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/29 22:57:42 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
PRC - [2007/04/29 22:55:32 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
PRC - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 12:48:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
MOD - [2011/05/12 03:02:13 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/05/12 03:02:13 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2011/04/15 19:33:08 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/12/15 11:20:56 | 000,383,656 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 21:55:02 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/06 04:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/28 09:00:00 | 000,028,776 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/17 13:15:28 | 000,063,080 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://edition.cnn.com/
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 49 79 84 F7 BB CB 01 [binary data]
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 03:06:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/30 15:17:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/30 15:17:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/30 15:17:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 15:17:43 | 000,000,000 | ---D | M]

[2010/11/20 22:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\Mozilla\Extensions
[2011/05/30 13:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions
[2011/04/23 09:41:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/30 12:58:41 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\extensions\[email protected]
[2010/11/20 22:38:48 | 000,001,832 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fkt66dff.default\searchplugins\bing.xml
[2011/04/19 19:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 06:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/30 15:17:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/05/30 15:17:43 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\BOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FKT66DFF.DEFAULT\EXTENSIONS\[email protected]
[2011/05/01 08:13:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/11/20 22:38:50 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/05/31 07:24:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110509155355.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [McPvTray] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003..\Run: [Weather] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4188428383-1288285551-1826371242-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 07:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/30 13:07:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/28 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\GlarySoft
[2011/05/28 18:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/05/28 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/05/28 18:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/05/28 17:50:08 | 008,680,280 | ---- | C] (Glarysoft Ltd ) -- C:\Users\Boss\Desktop\gusetup.exe
[2011/05/28 17:45:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/28 17:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 17:45:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 17:43:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Boss\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/28 15:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/28 14:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/05/28 12:47:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2011/05/28 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Boss\Desktop\RK_Quarantine
[2011/05/26 14:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/23 16:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/23 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/19 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\{69DED0ED-F088-4D6C-882F-EC5834D1748C}
[2011/05/10 12:05:29 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\{A50A75E6-CF88-4E4F-819B-C80EEFD0C347}
[2011/05/09 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Boss\Desktop\USB Stuff
[2011/05/07 17:51:31 | 000,000,000 | ---D | C] -- C:\Users\Boss\Documents\LETRAS LYRICS
[2011/05/07 14:29:09 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\{0B1C6648-26D7-4ABB-9613-11660BFB72BD}
[2011/05/02 17:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\DRPU Barcode Label Maker (Professional)
[2011/05/02 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Naxter
[2011/05/01 18:30:42 | 000,000,000 | ---D | C] -- C:\Users\Boss\Documents\4ept_latest
[2010/10/02 10:45:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2010/10/02 10:45:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2010/10/02 10:45:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2010/10/02 10:45:52 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2010/10/02 10:45:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2010/10/02 10:45:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2010/10/02 10:45:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2010/10/02 10:45:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2010/10/02 10:45:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[2010/10/02 10:45:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2010/10/02 10:45:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
[2010/10/02 10:45:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2010/10/02 10:45:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
[2010/10/02 10:45:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2010/10/02 10:45:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/31 07:36:02 | 000,014,816 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 07:36:02 | 000,014,816 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 07:27:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/31 07:27:31 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/31 07:27:30 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/05/31 07:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/31 07:26:56 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 07:24:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/30 16:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/28 18:13:19 | 000,001,030 | ---- | M] () -- C:\Users\Boss\Desktop\Glary Utilities.lnk
[2011/05/28 17:45:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 15:39:34 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/28 12:48:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2011/05/28 12:42:23 | 000,485,888 | ---- | M] () -- C:\Users\Boss\Desktop\RogueKiller.exe
[2011/05/25 20:23:07 | 000,001,301 | ---- | M] () -- C:\Users\Boss\.recently-used.xbel
[2011/05/24 07:50:11 | 000,102,824 | ---- | M] () -- C:\Users\Boss\Desktop\KPR_Summer pg 16 Registration Forms.pdf
[2011/05/24 07:33:12 | 002,400,502 | ---- | M] () -- C:\Users\Boss\Desktop\KPR_Summer pg 3 Special Events.pdf
[2011/05/12 06:32:16 | 000,045,809 | ---- | M] () -- C:\Users\Boss\Desktop\phone List2.pdf
[2011/05/09 21:12:10 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/09 21:12:10 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 16:43:07 | 000,006,144 | ---- | M] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 08:13:44 | 000,002,004 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 18:13:23 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/28 18:13:19 | 000,001,030 | ---- | C] () -- C:\Users\Boss\Desktop\Glary Utilities.lnk
[2011/05/28 17:49:56 | 000,504,657 | ---- | C] () -- C:\Users\Boss\Desktop\unhide.exe
[2011/05/28 17:45:20 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 15:39:34 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/28 12:42:22 | 000,485,888 | ---- | C] () -- C:\Users\Boss\Desktop\RogueKiller.exe
[2011/05/25 20:23:07 | 000,001,301 | ---- | C] () -- C:\Users\Boss\.recently-used.xbel
[2011/05/24 07:50:11 | 000,102,824 | ---- | C] () -- C:\Users\Boss\Desktop\KPR_Summer pg 16 Registration Forms.pdf
[2011/05/24 07:33:12 | 002,400,502 | ---- | C] () -- C:\Users\Boss\Desktop\KPR_Summer pg 3 Special Events.pdf
[2011/05/12 06:32:16 | 000,045,809 | ---- | C] () -- C:\Users\Boss\Desktop\phone List2.pdf
[2011/05/02 19:27:47 | 000,006,144 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\GStar.INI
[2010/10/02 10:45:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2010/03/12 20:14:49 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/23 23:22:20 | 000,000,268 | R--- | C] () -- C:\ProgramData\Digital Basic
[2010/02/23 23:22:20 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/02/23 23:17:33 | 000,000,268 | R--- | C] () -- C:\ProgramData\Dialogs
[2010/02/23 23:17:33 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,313,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005/03/13 14:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll
[1999/02/22 18:27:36 | 000,280,064 | ---- | C] () -- C:\Windows\System32\Cncs232.dll

========== LOP Check ==========

[2011/03/30 18:04:56 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\BitZipper
[2011/03/30 18:04:16 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\EurekaLog
[2011/02/07 10:06:44 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\FinalMediaPlayer
[2011/05/28 18:20:11 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GlarySoft
[2011/04/05 16:50:42 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\inkscape
[2010/12/21 19:31:02 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Leadertech
[2011/04/29 18:19:23 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\NCH Swift Sound
[2010/12/27 22:57:02 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Nikon
[2011/02/07 10:10:13 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\WeatherBug
[2011/02/18 21:22:20 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Windows Live Writer
[2011/02/07 10:36:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\FinalMediaPlayer
[2011/02/07 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Nikon
[2011/01/20 21:46:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Unity
[2010/08/28 15:22:38 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\FinalTorrent
[2011/05/22 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\NCH Swift Sound
[2010/02/24 08:52:53 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Nikon
[2010/02/28 10:05:05 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\yalla-2009
[2011/05/31 07:27:31 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/05/28 18:23:43 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:41C283B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks a lot better. That was my fault: I removed the file but neglected to kill the service entry :)

Could you run aswMBR now, please? Along with Malwarebytes: update and then run a quick scan, posting both logs.

Can you access the internet now? And what are your current problems?

#11
xochitlzin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you. I attempted to run aswMBR several times, but the scan never completed; it stopped running.

I can use the internet as well as reboot the PC without any problems (thank you!!). My only issue is how to best prevent having a hidden virus or getting re-infected, and will accessing on-line banking/shopping be OK? Please let me know your suggestions. Thnx.

I updated and ran Malwarebytes and here's the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6745

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/1/2011 11:51:12 AM
mbam-log-2011-06-01 (11-51-12).txt

Scan type: Quick scan
Objects scanned: 252073
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As aswMBR will not complete, I would like to run another programme. It is a bit bigger and slower, but it does the same job. I will need to see the result before I can decide where we are.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#13
xochitlzin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks, nothing was found and it did not prompt me to reboot. Here's the report:


2011/06/02 09:19:30.0956 5716 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 09:19:32.0958 5716 ================================================================================
2011/06/02 09:19:32.0958 5716 SystemInfo:
2011/06/02 09:19:32.0958 5716
2011/06/02 09:19:32.0958 5716 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/02 09:19:32.0958 5716 Product type: Workstation
2011/06/02 09:19:32.0958 5716 ComputerName: TROELSTRUPPC
2011/06/02 09:19:32.0958 5716 UserName: Boss
2011/06/02 09:19:32.0958 5716 Windows directory: C:\Windows
2011/06/02 09:19:32.0958 5716 System windows directory: C:\Windows
2011/06/02 09:19:32.0958 5716 Processor architecture: Intel x86
2011/06/02 09:19:32.0958 5716 Number of processors: 2
2011/06/02 09:19:32.0958 5716 Page size: 0x1000
2011/06/02 09:19:32.0959 5716 Boot type: Normal boot
2011/06/02 09:19:32.0959 5716 ================================================================================
2011/06/02 09:19:34.0448 5716 Initialize success
2011/06/02 09:20:07.0955 0420 ================================================================================
2011/06/02 09:20:07.0955 0420 Scan started
2011/06/02 09:20:07.0955 0420 Mode: Manual;
2011/06/02 09:20:07.0955 0420 ================================================================================
2011/06/02 09:20:29.0238 0420 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/02 09:20:29.0409 0420 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/02 09:20:29.0553 0420 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/02 09:20:29.0709 0420 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/02 09:20:29.0868 0420 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/02 09:20:29.0995 0420 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/02 09:20:30.0153 0420 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/02 09:20:30.0330 0420 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/02 09:20:30.0497 0420 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/02 09:20:30.0628 0420 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/02 09:20:30.0748 0420 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/02 09:20:30.0847 0420 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/02 09:20:31.0012 0420 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/02 09:20:31.0156 0420 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/02 09:20:31.0357 0420 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/02 09:20:31.0578 0420 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/02 09:20:31.0770 0420 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/02 09:20:31.0963 0420 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/02 09:20:32.0138 0420 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/02 09:20:32.0221 0420 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/02 09:20:32.0404 0420 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/02 09:20:32.0589 0420 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/02 09:20:32.0779 0420 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/02 09:20:32.0954 0420 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/06/02 09:20:33.0140 0420 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/02 09:20:33.0290 0420 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/06/02 09:20:33.0588 0420 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/02 09:20:34.0141 0420 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/06/02 09:20:34.0185 0420 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/06/02 09:20:34.0334 0420 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/02 09:20:34.0502 0420 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/02 09:20:34.0661 0420 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/02 09:20:34.0832 0420 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/02 09:20:34.0980 0420 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/02 09:20:35.0144 0420 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/02 09:20:35.0276 0420 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/02 09:20:35.0421 0420 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/02 09:20:35.0719 0420 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/02 09:20:36.0091 0420 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/02 09:20:36.0295 0420 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/02 09:20:36.0566 0420 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/02 09:20:36.0743 0420 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/02 09:20:36.0906 0420 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/02 09:20:37.0056 0420 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/02 09:20:37.0206 0420 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/02 09:20:37.0341 0420 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/02 09:20:37.0486 0420 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/02 09:20:37.0652 0420 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/02 09:20:37.0822 0420 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/02 09:20:37.0973 0420 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/02 09:20:38.0154 0420 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/02 09:20:38.0295 0420 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/02 09:20:38.0422 0420 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/02 09:20:38.0556 0420 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/02 09:20:38.0714 0420 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/02 09:20:38.0890 0420 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/02 09:20:39.0030 0420 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/02 09:20:39.0229 0420 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/02 09:20:39.0500 0420 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/02 09:20:39.0659 0420 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/02 09:20:39.0823 0420 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/02 09:20:39.0978 0420 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/02 09:20:40.0134 0420 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/02 09:20:40.0277 0420 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/02 09:20:40.0471 0420 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/02 09:20:40.0654 0420 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/02 09:20:40.0816 0420 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/02 09:20:40.0963 0420 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/02 09:20:41.0151 0420 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/02 09:20:41.0300 0420 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/02 09:20:41.0441 0420 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/02 09:20:41.0583 0420 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/02 09:20:41.0744 0420 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/02 09:20:41.0908 0420 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/02 09:20:42.0088 0420 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/02 09:20:42.0231 0420 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/02 09:20:42.0409 0420 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/02 09:20:42.0549 0420 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/02 09:20:42.0713 0420 tclondrv (8e20d6dfb90fbb033c0282f2fa9a7e6e) C:\Windows\system32\DRIVERS\tclondrv.sys
2011/06/02 09:20:42.0875 0420 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/02 09:20:43.0040 0420 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/02 09:20:43.0227 0420 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/02 09:20:43.0372 0420 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/02 09:20:43.0517 0420 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/02 09:20:43.0688 0420 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/02 09:20:43.0826 0420 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/02 09:20:44.0019 0420 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/02 09:20:44.0202 0420 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/02 09:20:44.0378 0420 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/02 09:20:44.0515 0420 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/02 09:20:44.0708 0420 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/02 09:20:44.0856 0420 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/02 09:20:44.0993 0420 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/02 09:20:45.0186 0420 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/02 09:20:45.0327 0420 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/02 09:20:45.0473 0420 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/02 09:20:45.0610 0420 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/02 09:20:45.0813 0420 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/02 09:20:45.0982 0420 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/02 09:20:46.0139 0420 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/02 09:20:46.0300 0420 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/02 09:20:46.0456 0420 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/06/02 09:20:46.0618 0420 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/02 09:20:46.0784 0420 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/02 09:20:46.0942 0420 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/02 09:20:47.0087 0420 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/02 09:20:47.0241 0420 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/02 09:20:47.0398 0420 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/02 09:20:47.0528 0420 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/02 09:20:47.0662 0420 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/02 09:20:47.0806 0420 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/02 09:20:47.0960 0420 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/02 09:20:48.0128 0420 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/02 09:20:48.0283 0420 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/06/02 09:20:48.0481 0420 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/02 09:20:48.0601 0420 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/06/02 09:20:48.0754 0420 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/02 09:20:48.0901 0420 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/02 09:20:48.0918 0420 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/02 09:20:49.0120 0420 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/02 09:20:49.0285 0420 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/02 09:20:49.0487 0420 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/02 09:20:49.0617 0420 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/02 09:20:49.0772 0420 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/02 09:20:49.0980 0420 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/02 09:20:50.0207 0420 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/02 09:20:50.0429 0420 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/02 09:20:50.0642 0420 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/02 09:20:50.0822 0420 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/02 09:20:51.0032 0420 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
2011/06/02 09:20:51.0077 0420 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/02 09:20:51.0085 0420 ================================================================================
2011/06/02 09:20:51.0086 0420 Scan finished
2011/06/02 09:20:51.0086 0420 ================================================================================
2011/06/02 09:20:51.0103 5756 Detected object count: 0
2011/06/02 09:20:51.0103 5756 Actual detected object count: 0
  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is your current status?

We will reset the TCP/IP next to clear any bad entries with the network connection.

First run the fixit on this page.

If that fails, then try the following:

  • To open a command prompt, click Start > All Programs > Accessories, then right-click Command Prompt and select Run as administrator.
  • Copy and paste (or type) the following command in the command box and then press ENTER:
    netsh winsock reset c:\resetlog.txt
  • Reboot the computer.
  • In your next reply, please post the contents of the file c:\resetlog.txt

  • 0

#15
xochitlzin


    New Member

  • Topic Starter
  • Member
  • 9 posts
I ran the Fixit option and it did not generate any report. FYI: this PC originally came with Windows Vista with a promo to upgrade to Windows 7, which is what I have running right now. I noticed the Fixit might have been for Vista. Thank you.
  • 0





