
Rogue:win/32FakeRean


  • This topic is locked

#1
onnaday

Thanks in advance for the help!

I suspected a virus when I started getting Windows error messages saying that certain Windows programs had stopped working. I went to Microsoft.com and ran the free PC scan. The scan found that there was a problem. I uninstalled the McAfee that was running and then re-installed a new version from AT&T/Yahoo that comes with our internet. I re-ran a scan that came back with the following items detected: BackDoor-EXI.gen.k and Cookie-Burst, Cookie-Yieldmanager, Cookie-Zedo, and Cookie-Fastclick. Thinking that the issues were resolved, I signed on to my son's desktop settings on the same computer and then things got hairy again. I started getting weird pop-ups from McAfee. I went to the Microsoft site again to update the PC scan. The download came back from an "untrusted" site. I did not run that version of the scan. I decided that McAfee was not blocking whatever was happening, but I cannot uninstall it. The add/remove programs feature does not appear.

Here is the OTL notepad contents. I have two, OTL.Txt and Extras.Txt.


OTL logfile created on: 7/18/2011 9:44:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mom\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.87 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 63.37% Memory free
9.95 Gb Paging File | 7.75 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.83 Gb Total Space | 338.38 Gb Free Space | 74.73% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 1.78 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 21:44:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Downloads\OTL.exe
PRC - [2011/06/23 08:40:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2009/03/30 07:41:56 | 000,151,552 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2007/05/14 20:01:00 | 000,644,696 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/18 21:44:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2008/11/10 12:20:10 | 006,554,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/11/10 12:19:52 | 000,285,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/08 22:03:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 07:41:56 | 000,151,552 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/22 14:42:20 | 000,024,576 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://websearch.sea...=YYYYYYS1US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/30 11:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/31 09:26:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/07/08 21:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/16 22:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 08:40:13 | 000,000,000 | ---D | M]

[2010/01/21 14:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/07/18 19:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions
[2011/03/25 19:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/26 13:43:00 | 000,000,000 | ---D | M] (SlingHealth) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\[email protected]
[2010/12/11 21:17:10 | 000,003,360 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
[2011/07/16 23:57:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/08 21:09:08 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110716220600.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\Shop to Win 2.dll (Shop To Win, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110716220600.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search-results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Search-results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\Toolbar\WebBrowser: (Search-results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\Pictures\2009-08-11 summer 09\summer 09 034.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mom\Pictures\2009-08-11 summer 09\summer 09 034.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{79f51818-c539-11dd-9c1a-002354132958}\Shell - "" = AutoRun
O33 - MountPoints2\{79f51818-c539-11dd-9c1a-002354132958}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 19:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/17 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{0B53D96C-DECF-45E0-8099-9A83554E1D8A}
[2011/07/17 00:52:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/16 23:56:41 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/07/16 23:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/16 23:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/16 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{1F02598B-A66D-4114-A3F7-4617803B4B92}
[2011/07/15 21:16:28 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{F5BF4420-371D-4ABE-9510-E0B493F49C6C}
[2011/07/15 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{D9DD9000-B4BF-4E63-A733-2A2198DF5090}
[2011/07/14 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{0B51E05B-C4A1-49E6-AC4F-6F732CF0CDE0}
[2011/07/13 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{B911FE1A-C0BB-4830-8859-8E1F87107420}
[2011/07/12 22:43:54 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/07/12 22:43:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/07/12 22:43:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/07/12 22:43:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/07/12 22:43:54 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/07/12 22:43:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/07/12 22:43:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/07/12 22:43:54 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/07/12 22:43:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/07/12 22:43:53 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/07/12 22:43:53 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/07/12 22:43:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/07/12 22:43:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/07/12 22:43:53 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/07/12 22:43:53 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/07/12 22:43:53 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/07/12 22:43:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/07/12 22:43:53 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/07/12 22:43:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/07/12 22:43:53 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/07/12 22:43:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/07/12 22:43:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/07/12 22:43:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/07/12 22:43:53 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/07/12 22:43:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/07/12 22:43:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/07/12 22:43:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/07/12 22:43:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/07/12 22:43:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/07/12 22:43:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/07/12 22:43:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/07/12 22:43:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/07/12 22:43:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/07/12 22:43:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/07/12 22:43:52 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/07/12 22:43:52 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/07/12 22:43:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/07/12 22:43:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/07/12 22:43:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/07/12 22:43:51 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/07/12 22:43:51 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/07/12 22:43:51 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/07/12 22:43:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/07/12 22:43:51 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/07/12 22:43:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/07/12 22:43:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/07/12 22:43:51 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/07/12 22:43:51 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/07/12 22:43:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/07/12 22:43:51 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/07/12 22:43:51 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/07/12 22:43:51 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/07/12 22:43:51 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/07/12 22:43:51 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/07/12 22:43:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/07/12 22:43:51 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/07/12 22:43:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/07/12 22:43:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/07/12 22:43:51 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/07/12 22:43:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/07/12 22:43:50 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/07/12 22:43:50 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/07/12 22:43:50 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/07/12 22:43:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/07/12 22:43:50 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/07/12 22:43:50 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/07/12 22:43:50 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/07/12 22:43:50 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/07/12 22:43:50 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/07/12 22:43:50 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/07/12 22:43:50 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/07/12 22:43:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/07/12 22:43:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/07/12 22:43:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/07/12 22:43:50 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/07/12 22:43:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/07/12 22:43:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/07/12 22:43:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/07/12 22:43:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/07/12 22:43:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/07/12 22:15:40 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 22:15:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/07/12 22:15:36 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 21:58:08 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/07/12 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{65D44D42-1A9C-4A63-AA19-27C4E5BF129A}
[2011/07/10 19:15:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{78060910-11E6-4A54-B47D-6A7941306C09}
[2011/07/09 12:25:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{C769918A-F04B-4C03-9395-1B56246C3609}
[2011/07/08 21:01:21 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/07/08 21:01:16 | 000,441,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2011/07/08 21:01:16 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2011/07/08 21:01:16 | 000,190,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/07/08 21:01:16 | 000,094,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/07/08 21:01:16 | 000,075,160 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2011/07/08 21:01:16 | 000,063,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2011/07/08 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{8A80A6D8-C8E5-42A6-A7CB-DBEB8B6273DE}
[2011/07/07 23:42:52 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Uniblue
[2011/07/07 23:42:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/07/07 23:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/07/07 23:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/07/07 23:42:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\PackageAware
[2011/07/07 22:50:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{24CEDC26-8E8F-4E49-ACCA-192B53AE6A85}
[2011/07/07 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{E805A42E-F108-4C92-9A69-E4ACF57839EF}
[2011/07/07 22:44:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2011/07/07 19:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/07/07 19:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/07/07 19:20:06 | 000,158,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2011/07/04 18:45:36 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Windows Live
[2011/07/04 18:45:08 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2011/07/04 18:45:08 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2011/06/22 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/21 10:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers
[2011/06/21 10:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/06/21 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 2
[2011/06/21 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop To Win
[1 C:\Users\Mom\AppData\Local\*.tmp files -> C:\Users\Mom\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 21:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/18 21:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/18 20:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 19:19:32 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/18 19:19:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/18 19:18:53 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/07/18 19:16:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 00:06:48 | 000,011,806 | -HS- | M] () -- C:\ProgramData\180676m7u7426jofutj5plxox57
[2011/07/17 00:06:47 | 000,011,806 | -HS- | M] () -- C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57
[2011/07/16 23:54:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/16 23:54:03 | 000,721,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/16 23:54:03 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/16 23:54:03 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/15 23:05:16 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/12 23:10:36 | 000,000,975 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/12 22:44:08 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/07/12 22:44:08 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/07/12 22:44:07 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/07/12 22:44:07 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/07/12 22:43:54 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/07/12 22:43:54 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/07/12 22:43:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/07/12 22:43:54 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/07/12 22:43:54 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/07/12 22:43:54 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/07/12 22:43:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/07/12 22:43:54 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/07/12 22:43:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/07/12 22:43:53 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/07/12 22:43:53 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/07/12 22:43:53 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/07/12 22:43:53 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/07/12 22:43:53 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/07/12 22:43:53 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/07/12 22:43:53 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/07/12 22:43:53 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/07/12 22:43:53 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/07/12 22:43:53 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/07/12 22:43:53 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/07/12 22:43:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/07/12 22:43:53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/07/12 22:43:53 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/07/12 22:43:53 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/07/12 22:43:53 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/07/12 22:43:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/07/12 22:43:53 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/07/12 22:43:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/12 22:43:53 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/07/12 22:43:53 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/07/12 22:43:53 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/07/12 22:43:53 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/07/12 22:43:53 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/07/12 22:43:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/07/12 22:43:52 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/07/12 22:43:52 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/07/12 22:43:52 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/07/12 22:43:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/07/12 22:43:52 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/07/12 22:43:52 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/07/12 22:43:51 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/07/12 22:43:51 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/07/12 22:43:51 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/07/12 22:43:51 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/07/12 22:43:51 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/07/12 22:43:51 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/07/12 22:43:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/07/12 22:43:51 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/07/12 22:43:51 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/07/12 22:43:51 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/07/12 22:43:51 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/07/12 22:43:51 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/07/12 22:43:51 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/07/12 22:43:51 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/07/12 22:43:51 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/07/12 22:43:51 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/07/12 22:43:51 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/07/12 22:43:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/07/12 22:43:51 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/07/12 22:43:51 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/07/12 22:43:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/07/12 22:43:50 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/07/12 22:43:50 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/07/12 22:43:50 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/07/12 22:43:50 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/07/12 22:43:50 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/07/12 22:43:50 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/07/12 22:43:50 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/07/12 22:43:50 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/07/12 22:43:50 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/07/12 22:43:50 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/07/12 22:43:50 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/07/12 22:43:50 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/07/12 22:43:50 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/07/12 22:43:50 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/07/12 22:43:50 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/07/12 22:43:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/12 22:43:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/07/12 22:43:50 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/07/12 22:43:49 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/07/12 22:43:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/07/12 22:43:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/07/12 22:20:23 | 000,333,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/08 22:05:35 | 000,001,214 | ---- | M] () -- C:\Users\Mom\Desktop\msert - Shortcut.lnk
[2011/07/07 23:42:50 | 000,001,635 | ---- | M] () -- C:\Users\Mom\Desktop\Uniblue RegistryBooster.lnk
[2011/07/07 23:42:50 | 000,001,625 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/07 23:03:04 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/01 09:54:42 | 049,089,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/06/27 08:45:57 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/22 19:01:12 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Users\Mom\AppData\Local\*.tmp files -> C:\Users\Mom\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 23:54:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/16 23:54:03 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/16 23:52:59 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/15 23:50:04 | 000,011,806 | -HS- | C] () -- C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57
[2011/07/15 23:50:04 | 000,011,806 | -HS- | C] () -- C:\ProgramData\180676m7u7426jofutj5plxox57
[2011/07/12 22:43:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/12 22:43:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/08 21:40:20 | 000,001,214 | ---- | C] () -- C:\Users\Mom\Desktop\msert - Shortcut.lnk
[2011/07/08 21:04:07 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/07 23:42:56 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/07/07 23:42:50 | 000,001,635 | ---- | C] () -- C:\Users\Mom\Desktop\Uniblue RegistryBooster.lnk
[2011/07/07 23:42:50 | 000,001,625 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/07 19:43:29 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/07 19:42:56 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/04 18:47:41 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/06/22 19:01:12 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/22 19:01:12 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/07/25 15:23:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/27 10:10:48 | 000,000,680 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat
[2010/05/16 21:36:25 | 000,000,012 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\kqyvwo.dat
[2009/10/19 16:40:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 16:40:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/19 16:39:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/23 10:39:47 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/03/10 20:38:55 | 000,048,128 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/26 10:34:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/20 09:27:33 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2008/11/20 09:26:13 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/11/19 21:40:53 | 000,029,556 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat
[2008/09/06 03:29:23 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/09/06 03:01:26 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/09/06 03:01:26 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:178D4338
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4AC9B4B7

< End of report >

OTL Extras logfile created on: 7/18/2011 9:44:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mom\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.87 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 63.37% Memory free
9.95 Gb Paging File | 7.75 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.83 Gb Total Space | 338.38 Gb Free Space | 74.73% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 1.78 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 73 84 4B AA 07 6D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED8589-E5A4-4CBD-B7A7-D827CF3927B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E1D9B6B-20AA-4FFF-9CF2-92303BF3599A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D716D58-25F5-41B0-8BE7-B59C214C3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C9170C4E-8D14-47E6-8336-61EC0653AB99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00655F11-83B7-4CAB-921F-7C7BFCB0C7C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{01130BE0-0F36-46C1-8769-BCA887F6FC8D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{023E00DF-38C4-452E-B5F5-0E5CE97A8F81}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{1123D465-C5E8-4444-8B11-27EF5C154C02}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq games\qqgames.exe |
"{1DDAA60B-67ED-4C5C-B048-FE76B21E2690}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{2BFA2DC9-E455-4DE7-9DED-77386D35C837}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2EF4C8B3-7469-4FC1-9675-B99811CFCDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{3244B4F8-B323-4B8C-B6B0-C297FE2FB11C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{47613990-ACBE-4A32-91A3-1B9A9AA910C4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{481F9AA9-438A-404F-80A8-B8120F26E172}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq games\update\update.exe |
"{526E2768-40AA-4526-9199-CC6EABCC25B1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{55038E20-B325-4731-87A0-EC20881BF382}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq games\update\update.exe |
"{583F54C5-6F8A-49A6-AE93-E2CC0FF56D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5924AD2B-0DD8-4C8D-B3CF-E8380C21420C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo demo\worldofgoo.exe |
"{6E924960-B80D-4101-B287-248953AE199E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7A11B318-FCAC-4EED-AADC-DDF7CB5F138E}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{7DF4E917-4536-450B-AA25-A4A4BCF38905}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8B52FC55-6AED-4C4B-B1D9-A2E0E577BB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8BB6C6F3-53A6-426D-B141-21EDD4D5376A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq games\qqgamesd.exe |
"{A007F560-A461-4413-B38D-226054028DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5DEDAB0-7C1B-4E38-979C-5A932BF94D8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{B47B14D5-6482-4A41-8208-6A34BB1AD6A6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C00E2430-32BF-4922-8AFF-4D8D8F367409}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C7A05411-38C4-449A-A967-1F94E6AF209E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo demo\worldofgoo.exe |
"{D4370E52-7FF1-41AF-B6B9-0C5832897BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D593CE1B-B503-457F-A206-62BFFC5D2DBE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E11A73AA-343D-441E-9018-352542D69E56}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq games\qqgames.exe |
"{EE11DDD8-74CA-4DEC-BD62-9CF2C4815199}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F62A060D-E540-4323-BD7A-D382AA411C0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F8D3624D-8348-4241-9C68-217DE3F871AD}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq games\qqgamesd.exe |
"{FE977390-C4E5-489B-8910-64AD3C1135F7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"1ECD657E4445D4F72EB15751A07E4215BA450674" = Windows Driver Package - Livescribe (PulseUsb) DigitalPen (07/22/2009 2.1.6.0)
"CanonMyPrinter" = Canon My Printer
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1" = Shop To Win
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABB977BD-2CBF-4C4D-BB4C-AB415AA42DAA}" = Livescribe™ Desktop
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology 1.0" = Age of Mythology
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"ATT-PRT22" = ATT-PRT22
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FrostWire" = FrostWire 4.20.9
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"Inspiration 9" = Inspiration 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Kidspiration 3" = Kidspiration 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Standard)
"McAfee Virtual Technician" = McAfee Virtual Technician
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"Mystery P.I. - The Vegas Heist" = Mystery P.I. - The Vegas Heist
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Product_Name" = Ouba
"QQ Games" = QQ Games
"RC_Vista.exe" = RC_Vista.exe
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"sp41119" = sp41119
"Steam App 22000" = World of Goo
"Steam App 22010" = World of Goo Demo
"TabIt for Windows_is1" = TabIt version 2.03
"TimeCalcPro" = TimeCalcPro
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-611499fc-c89b-41cd-ba93-3a7abc48036d" = Island Wars 2 Christmas Edition
"WTA-c9c0cf9c-042d-49af-b503-ff1c852c8b72" = Crazy Chicken Kart 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/13/2010 11:41:21 AM | Computer Name = Mom-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

Error - 9/13/2010 5:01:27 PM | Computer Name = Mom-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/13/2010 5:01:27 PM | Computer Name = Mom-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/13/2010 5:01:27 PM | Computer Name = Mom-PC | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/13/2010 5:01:27 PM | Computer Name = Mom-PC | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/13/2010 5:06:36 PM | Computer Name = Mom-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

Error - 9/14/2010 2:50:15 PM | Computer Name = Mom-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2010 2:53:07 PM | Computer Name = Mom-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4064 (0xfe0) Thread address : 0x0000000076DF6D8A Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files (x86)\Ouba\Ouba.exe

by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 9/14/2010 2:54:22 PM | Computer Name = Mom-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

Error - 9/14/2010 5:02:08 PM | Computer Name = Mom-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml

[ Media Center Events ]
Error - 3/13/2009 3:44:06 PM | Computer Name = Mom-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/29/2009 3:26:27 PM | Computer Name = Mom-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 11:52:24 AM | Computer Name = Mom-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/1/2009 3:27:47 PM | Computer Name = Mom-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/12/2009 3:25:45 PM | Computer Name = Mom-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:11:46 PM | Computer Name = Mom-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/17/2011 10:46:43 PM | Computer Name = Mom-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 10:46:50 PM | Computer Name = Mom-PC | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 7/17/2011 10:46:50 PM | Computer Name = Mom-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 10:46:55 PM | Computer Name = Mom-PC | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 7/17/2011 10:46:59 PM | Computer Name = Mom-PC | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 7/17/2011 10:46:59 PM | Computer Name = Mom-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 10:49:31 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10010
Description =

Error - 7/18/2011 8:16:45 PM | Computer Name = Mom-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 002354132958 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/18/2011 8:17:00 PM | Computer Name = Mom-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/18/2011 8:21:16 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10010
Description =


< End of report >


#2
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello onnaday and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello onnaday,

Please do the following:


Step 1:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    [2011/07/17 00:06:48 | 000,011,806 | -HS- | M] () -- C:\ProgramData\180676m7u7426jofutj5plxox57
    [2011/07/17 00:06:47 | 000,011,806 | -HS- | M] () -- C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57
    [2010/05/16 21:36:25 | 000,000,012 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\kqyvwo.dat
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\ProgramData\180676m7u7426jofutj5plxox57
    C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log.
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


Step 3:

Please remember to post:

The OTL fix log
The new OTL QuickScan log
The aswMBR scan log

How is your PC running now?

Homburg
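One way to confirm that every file named in the fix script above was actually dealt with, as an added example that is not part of the original thread and not part of OTL: it reconciles the script's targets with the fix-log lines posted in reply. The script and log text are copied from this thread; the function names are hypothetical, and the line patterns are inferred from the log lines shown here rather than from OTL documentation.

```python
import re

# Copied from the Custom Scans/Fixes script in the helper's post.
FIX_SCRIPT = r"""
:OTL
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
[2011/07/17 00:06:48 | 000,011,806 | -HS- | M] () -- C:\ProgramData\180676m7u7426jofutj5plxox57
[2011/07/17 00:06:47 | 000,011,806 | -HS- | M] () -- C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57
[2010/05/16 21:36:25 | 000,000,012 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\kqyvwo.dat
:Files
ipconfig /flushdns /c
C:\ProgramData\180676m7u7426jofutj5plxox57
C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57
:Commands
[emptytemp]
"""

# Copied from the fix log posted in reply (OTL and FILES sections only).
FIX_LOG = r"""
Process ViewpointService.exe killed successfully!
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe moved successfully.
C:\ProgramData\180676m7u7426jofutj5plxox57 moved successfully.
C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57 moved successfully.
C:\Users\Mom\AppData\Roaming\kqyvwo.dat moved successfully.
File\Folder C:\ProgramData\180676m7u7426jofutj5plxox57 not found.
File\Folder C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57 not found.
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
LOG_DONE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) (?P<verb>moved|deleted) successfully\.$")
LOG_MISSING = re.compile(r"^File\\Folder (?P<path>[A-Za-z]:\\.+) not found\.$")


def script_targets(script):
    """Paths named in the :OTL and :Files sections, in order, de-duplicated."""
    section, seen, targets = None, set(), []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section not in ("otl", "files"):
            continue
        # :OTL lines carry the path after " -- "; :Files lines are the bare path.
        # Lines without a drive-letter path (e.g. the ipconfig command) are skipped.
        parts = (p.strip() for p in line.split(" -- "))
        path = next((p for p in parts if DRIVE_PATH.match(p)), None)
        if path and path.lower() not in seen:
            seen.add(path.lower())
            targets.append(path)
    return targets


def log_outcomes(log):
    """Map lower-cased path -> set of outcomes seen anywhere in the fix log."""
    outcomes = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = LOG_DONE.match(line)
        if m:
            outcomes.setdefault(m["path"].lower(), set()).add(m["verb"])
            continue
        m = LOG_MISSING.match(line)
        if m:
            outcomes.setdefault(m["path"].lower(), set()).add("not found")
    return outcomes


def reconcile(script, log):
    """Classify each script target as removed, not found, or unaccounted."""
    seen = log_outcomes(log)
    report = {}
    for path in script_targets(script):
        got = seen.get(path.lower(), set())
        if got & {"moved", "deleted"}:
            # A later "not found" for the same path only means an earlier
            # section of the same run had already moved it.
            report[path] = "removed"
        elif "not found" in got:
            report[path] = "not found"
        else:
            report[path] = "unaccounted"
    return report


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {path}")
```

A target reported as `unaccounted` or `not found` is the one to raise with the helper before moving on to the next step.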

#4
onnaday

    Member

  • Topic Starter
  • Member
  • 26 posts
Thanks so much for your help Homburg. I really appreciate it! Here are the log results of the scans.

All processes killed
========== OTL ==========
Process ViewpointService.exe killed successfully!
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe moved successfully.
C:\ProgramData\180676m7u7426jofutj5plxox57 moved successfully.
C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57 moved successfully.
C:\Users\Mom\AppData\Roaming\kqyvwo.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Mom\Downloads\cmd.bat deleted successfully.
c:\Users\Mom\Downloads\cmd.txt deleted successfully.
File\Folder C:\ProgramData\180676m7u7426jofutj5plxox57 not found.
File\Folder C:\Users\Mom\AppData\Local\180676m7u7426jofutj5plxox57 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chris
->Temp folder emptied: 4774245 bytes
->Temporary Internet Files folder emptied: 13926011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9655004 bytes
->Flash cache emptied: 6252 bytes

User: chris.Mom-PC
->Temp folder emptied: 16627913 bytes
->Temporary Internet Files folder emptied: 110876713 bytes
->Java cache emptied: 5754764 bytes
->FireFox cache emptied: 34279047 bytes
->Google Chrome cache emptied: 6569241 bytes
->Flash cache emptied: 50511 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56586 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: me
->Temp folder emptied: 32707 bytes
->Temporary Internet Files folder emptied: 560095 bytes
->Flash cache emptied: 405 bytes

User: Mom
->Temp folder emptied: 36279872 bytes
->Temporary Internet Files folder emptied: 206458476 bytes
->Java cache emptied: 118002702 bytes
->FireFox cache emptied: 62988426 bytes
->Google Chrome cache emptied: 6138516 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3003743 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 318048200 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 910.00 mb


[EMPTYFLASH]

User: All Users

User: chris
->Flash cache emptied: 0 bytes

User: chris.Mom-PC
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: me
->Flash cache emptied: 0 bytes

User: Mom
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.26.1 log created on 07192011_201933

Files\Folders moved on Reboot...
C:\Windows\temp\TMP00000019AA3E19598CB9206D moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 7/19/2011 8:37:49 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = c:\Users\Mom\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.87 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 64.27% Memory free
9.89 Gb Paging File | 7.68 Gb Available in Paging File | 77.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.83 Gb Total Space | 333.80 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 1.78 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 21:44:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\Mom\Downloads\OTL.exe
PRC - [2011/06/23 08:40:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2009/03/30 07:41:56 | 000,151,552 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2007/05/14 20:01:00 | 000,644,696 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/18 21:44:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\Mom\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2008/11/10 12:20:10 | 006,554,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/11/10 12:19:52 | 000,285,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/08 22:03:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 06:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/30 07:41:56 | 000,151,552 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/13 11:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/22 14:42:20 | 000,024,576 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://websearch.sea...=YYYYYYS1US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/30 11:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/31 09:26:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/07/08 21:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/16 22:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 08:40:13 | 000,000,000 | ---D | M]

[2010/01/21 14:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/07/19 20:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions
[2011/03/25 19:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/26 13:43:00 | 000,000,000 | ---D | M] (SlingHealth) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\extensions\[email protected]
[2010/12/11 21:17:10 | 000,003,360 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
[2011/07/16 23:57:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/08 21:09:08 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110716220600.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\Shop to Win 2.dll (Shop To Win, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110716220600.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search-results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Search-results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..\Toolbar\WebBrowser: (Search-results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\Pictures\2009-08-11 summer 09\summer 09 034.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mom\Pictures\2009-08-11 summer 09\summer 09 034.JPG
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{79f51818-c539-11dd-9c1a-002354132958}\Shell - "" = AutoRun
O33 - MountPoints2\{79f51818-c539-11dd-9c1a-002354132958}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3385600622-3777350188-503640899-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 20:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/19 20:19:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/19 19:46:48 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{7A5E1B46-1FEC-4265-BB5A-40B21B32622E}
[2011/07/17 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{0B53D96C-DECF-45E0-8099-9A83554E1D8A}
[2011/07/17 00:52:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/16 23:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/16 23:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/16 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{1F02598B-A66D-4114-A3F7-4617803B4B92}
[2011/07/15 21:16:28 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{F5BF4420-371D-4ABE-9510-E0B493F49C6C}
[2011/07/15 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{D9DD9000-B4BF-4E63-A733-2A2198DF5090}
[2011/07/14 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{0B51E05B-C4A1-49E6-AC4F-6F732CF0CDE0}
[2011/07/13 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{B911FE1A-C0BB-4830-8859-8E1F87107420}
[2011/07/12 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{65D44D42-1A9C-4A63-AA19-27C4E5BF129A}
[2011/07/10 19:15:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{78060910-11E6-4A54-B47D-6A7941306C09}
[2011/07/09 12:25:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{C769918A-F04B-4C03-9395-1B56246C3609}
[2011/07/08 21:01:21 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/07/08 21:01:16 | 000,441,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2011/07/08 21:01:16 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2011/07/08 21:01:16 | 000,190,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/07/08 21:01:16 | 000,094,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/07/08 21:01:16 | 000,075,160 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2011/07/08 21:01:16 | 000,063,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2011/07/08 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{8A80A6D8-C8E5-42A6-A7CB-DBEB8B6273DE}
[2011/07/07 23:42:52 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Uniblue
[2011/07/07 23:42:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/07/07 23:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/07/07 23:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/07/07 23:42:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\PackageAware
[2011/07/07 22:50:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{24CEDC26-8E8F-4E49-ACCA-192B53AE6A85}
[2011/07/07 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\{E805A42E-F108-4C92-9A69-E4ACF57839EF}
[2011/07/07 22:44:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2011/07/07 19:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/07/07 19:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/07/07 19:20:06 | 000,158,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2011/07/04 18:45:36 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Windows Live
[2011/06/22 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/21 10:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers
[2011/06/21 10:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/06/21 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 2
[2011/06/21 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop To Win
[1 C:\Users\Mom\AppData\Local\*.tmp files -> C:\Users\Mom\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 20:35:09 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/19 20:32:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/19 20:32:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/07/19 20:31:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 20:31:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 20:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 19:59:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/16 23:54:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/16 23:54:03 | 000,721,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/16 23:54:03 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/16 23:54:03 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/15 23:05:16 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/12 23:10:36 | 000,000,975 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/12 22:44:08 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/07/12 22:44:08 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/07/12 22:44:07 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/07/12 22:44:07 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/07/12 22:43:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/12 22:43:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/12 22:20:23 | 000,333,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/08 22:05:35 | 000,001,214 | ---- | M] () -- C:\Users\Mom\Desktop\msert - Shortcut.lnk
[2011/07/07 23:42:50 | 000,001,635 | ---- | M] () -- C:\Users\Mom\Desktop\Uniblue RegistryBooster.lnk
[2011/07/07 23:42:50 | 000,001,625 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/07 23:03:04 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/06/22 19:01:12 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Users\Mom\AppData\Local\*.tmp files -> C:\Users\Mom\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 23:54:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/16 23:54:03 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/16 23:52:59 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/12 22:43:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/12 22:43:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/08 21:40:20 | 000,001,214 | ---- | C] () -- C:\Users\Mom\Desktop\msert - Shortcut.lnk
[2011/07/08 21:04:07 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/07 23:42:56 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/07/07 23:42:50 | 000,001,635 | ---- | C] () -- C:\Users\Mom\Desktop\Uniblue RegistryBooster.lnk
[2011/07/07 23:42:50 | 000,001,625 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/07 19:43:29 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011/07/07 19:42:56 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/04 18:47:41 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/06/22 19:01:12 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/22 19:01:12 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/07/25 15:23:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/27 10:10:48 | 000,000,680 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat
[2009/10/19 16:40:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 16:40:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/19 16:39:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/23 10:39:47 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/03/10 20:38:55 | 000,048,128 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/26 10:34:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/20 09:27:33 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2008/11/20 09:26:13 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/11/19 21:40:53 | 000,029,556 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat
[2008/09/06 03:29:23 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/09/06 03:01:26 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/09/06 03:01:26 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/06/08 13:51:37 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Canon
[2010/07/28 10:49:44 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Softland
[2010/07/28 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Template
[2010/08/12 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\chris.Mom-PC\AppData\Roaming\Canon
[2011/06/21 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\chris.Mom-PC\AppData\Roaming\EpicBot
[2011/07/06 14:38:34 | 000,000,000 | ---D | M] -- C:\Users\chris.Mom-PC\AppData\Roaming\FrostWire
[2010/08/30 13:00:19 | 000,000,000 | ---D | M] -- C:\Users\chris.Mom-PC\AppData\Roaming\NewSoft
[2010/08/30 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\chris.Mom-PC\AppData\Roaming\Softland
[2010/08/30 13:07:04 | 000,000,000 | ---D | M] -- C:\Users\chris.Mom-PC\AppData\Roaming\Template
[2009/04/18 21:08:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\acccore
[2008/11/20 23:08:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2010/08/08 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FrostWire
[2011/03/19 09:59:11 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Gamelab
[2008/12/21 00:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Gold Casual Games
[2010/03/02 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Inspiration Software
[2009/06/13 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\iWin
[2009/03/10 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Meridian93
[2009/08/09 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\MusicNet
[2009/01/04 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\NewSoft
[2009/07/23 10:41:51 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\QQ Games Plugin
[2008/11/20 09:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ScanSoft
[2009/01/07 17:47:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SecretIslandEng
[2010/12/26 13:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Sling Media
[2010/03/02 09:55:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Softland
[2009/05/27 15:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SpinTop
[2011/03/19 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SPORE Creature Creator
[2008/11/19 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Template
[2010/08/02 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TimeCalcPro
[2011/07/07 23:42:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Uniblue
[2008/11/19 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent
[2009/01/14 22:52:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangentv1001
[2009/02/14 16:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangentv1005
[2008/11/27 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WinBatch
[2011/07/19 20:32:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/07/19 20:29:15 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:178D4338
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4AC9B4B7

< End of report >


aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-19 20:49:37
-----------------------------
20:49:37.786 OS Version: Windows x64 6.0.6002 Service Pack 2
20:49:37.786 Number of processors: 2 586 0x6B02
20:49:37.786 ComputerName: MOM-PC UserName: Mom
20:49:39.268 Initialize success
20:49:55.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
20:49:55.577 Disk 0 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 3
20:49:55.577 Device \Driver\nvstor64 -> MajorFunction fffffa8005a9a6c0
20:49:57.589 Disk 0 MBR read successfully
20:49:57.589 Disk 0 MBR scan
20:49:57.589 Disk 0 unknown MBR code
20:49:57.589 Service scanning
20:49:58.791 Disk 0 trace - called modules:
20:49:58.791 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8005a9a6c0]<<
20:49:58.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800596f060]
20:49:58.791 3 CLASSPNP.SYS[fffffa6000991c33] -> nt!IofCallDriver -> [0xfffffa800565ee40]
20:49:58.791 5 acpi.sys[fffffa6000825fde] -> nt!IofCallDriver -> \Device\00000056[0xfffffa800576c910]
20:49:58.806 \Driver\nvstor64[0xfffffa8005970d00] -> IRP_MJ_CREATE -> 0xfffffa8005a9a6c0
20:49:58.806 Scan finished successfully
20:51:30.277 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
20:51:30.371 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"


The PC seems to be running fine. It took a little longer than usual for Windows to start up after the scan. I was able to open Mozilla normally without the "dialup" pop-up. Thanks again for your help. I will look forward to your next instructions. Thanks again for taking the time to help me!!

#5
Homburg


    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Can you please do the following:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Step 2:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Please remember to post both the TDSSKiller log and the MBRCheck log.

Homburg

#6
onnaday


    Member

  • Topic Starter
  • 26 posts
Hi Homburg,

Here are the next two logs.

Thanks for taking the time to help!!

2011/07/20 18:09:38.0342 4416 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 18:09:38.0815 4416 ================================================================================
2011/07/20 18:09:38.0815 4416 SystemInfo:
2011/07/20 18:09:38.0815 4416
2011/07/20 18:09:38.0815 4416 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/20 18:09:38.0815 4416 Product type: Workstation
2011/07/20 18:09:38.0815 4416 ComputerName: MOM-PC
2011/07/20 18:09:38.0816 4416 UserName: Mom
2011/07/20 18:09:38.0816 4416 Windows directory: C:\Windows
2011/07/20 18:09:38.0816 4416 System windows directory: C:\Windows
2011/07/20 18:09:38.0816 4416 Running under WOW64
2011/07/20 18:09:38.0816 4416 Processor architecture: Intel x64
2011/07/20 18:09:38.0816 4416 Number of processors: 2
2011/07/20 18:09:38.0816 4416 Page size: 0x1000
2011/07/20 18:09:38.0816 4416 Boot type: Normal boot
2011/07/20 18:09:38.0816 4416 ================================================================================
2011/07/20 18:09:39.0332 4416 Initialize success
2011/07/20 18:09:42.0296 4452 ================================================================================
2011/07/20 18:09:42.0296 4452 Scan started
2011/07/20 18:09:42.0297 4452 Mode: Manual;
2011/07/20 18:09:42.0297 4452 ================================================================================
2011/07/20 18:09:51.0936 4452 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/07/20 18:09:52.0020 4452 Tcpip (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\drivers\tcpip.sys
2011/07/20 18:09:52.0061 4452 Tcpip6 (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/20 18:09:52.0106 4452 tcpipreg (ce3ae2ba7a076f0ade9f48c598c1d15d) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/20 18:09:52.0192 4452 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/07/20 18:09:52.0215 4452 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/07/20 18:09:52.0254 4452 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/20 18:09:52.0290 4452 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/20 18:09:52.0353 4452 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/20 18:09:52.0391 4452 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/20 18:09:52.0447 4452 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/20 18:09:52.0478 4452 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/07/20 18:09:52.0506 4452 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/20 18:09:52.0557 4452 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/20 18:09:52.0589 4452 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/07/20 18:09:52.0628 4452 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/07/20 18:09:52.0660 4452 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/07/20 18:09:52.0692 4452 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/20 18:09:52.0736 4452 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/20 18:09:52.0775 4452 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/20 18:09:52.0806 4452 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/07/20 18:09:52.0854 4452 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/20 18:09:52.0889 4452 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/20 18:09:52.0923 4452 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/20 18:09:52.0973 4452 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/20 18:09:53.0013 4452 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/20 18:09:53.0055 4452 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/20 18:09:53.0081 4452 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/20 18:09:53.0132 4452 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/20 18:09:53.0157 4452 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/07/20 18:09:53.0181 4452 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/07/20 18:09:53.0215 4452 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/07/20 18:09:53.0274 4452 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/07/20 18:09:53.0322 4452 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/07/20 18:09:53.0358 4452 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/07/20 18:09:53.0411 4452 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/07/20 18:09:53.0443 4452 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/20 18:09:53.0461 4452 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/20 18:09:53.0502 4452 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/07/20 18:09:53.0549 4452 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/20 18:09:53.0715 4452 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/20 18:09:53.0796 4452 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/20 18:09:53.0820 4452 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/20 18:09:53.0883 4452 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/20 18:09:53.0943 4452 MBR (0x1B8) (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
2011/07/20 18:09:53.0949 4452 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/20 18:09:53.0962 4452 Boot (0x1200) (518c89e4e95b35e3e30f3ac3d3c89f48) \Device\Harddisk0\DR0\Partition0
2011/07/20 18:09:54.0011 4452 Boot (0x1200) (e390d7a30fb0bedd04b62359822acb37) \Device\Harddisk0\DR0\Partition1
2011/07/20 18:09:54.0017 4452 ================================================================================
2011/07/20 18:09:54.0017 4452 Scan finished
2011/07/20 18:09:54.0017 4452 ================================================================================
2011/07/20 18:09:54.0033 3984 Detected object count: 1
2011/07/20 18:09:54.0033 3984 Actual detected object count: 1
2011/07/20 18:10:17.0906 3984 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/20 18:10:17.0906 3984 \Device\Harddisk0\DR0 - ok
2011/07/20 18:10:17.0912 3984 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/20 18:10:43.0354 4864 Deinitialize success



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: FQ424AA-ABA a6645f
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 136):

Processes (total 76):
0 System Idle Process
4 System
592 C:\Windows\System32\smss.exe
660 csrss.exe
704 C:\Windows\System32\wininit.exe
732 csrss.exe
760 C:\Windows\System32\services.exe
776 C:\Windows\System32\lsass.exe
784 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\winlogon.exe
964 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\nvvsvc.exe
336 C:\Windows\System32\svchost.exe
464 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
956 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1192 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\SLsvc.exe
1236 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\rundll32.exe
1580 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\spoolsv.exe
1760 C:\Windows\System32\svchost.exe
1552 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1672 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1772 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
1832 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
832 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1124 C:\Windows\System32\rundll32.exe
1520 C:\Windows\SysWOW64\rundll32.exe
1112 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
2092 C:\Program Files\Common Files\Motive\McciCMService.exe
2112 C:\Windows\System32\mfevtps.exe
2200 C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
2224 C:\Windows\System32\svchost.exe
2240 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2280 C:\Windows\System32\svchost.exe
2320 C:\Windows\System32\svchost.exe
2336 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2392 C:\Windows\System32\SearchIndexer.exe
2460 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2532 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2576 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2764 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2800 WUDFHost.exe
2564 C:\Windows\System32\dwm.exe
1376 C:\Windows\System32\taskeng.exe
756 C:\Windows\explorer.exe
3104 C:\Windows\System32\taskeng.exe
3164 C:\Windows\System32\taskeng.exe
3292 C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
3512 C:\Windows\System32\rundll32.exe
3528 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3644 C:\Program Files\Microsoft Security Client\msseces.exe
3660 C:\Program Files\Windows Sidebar\sidebar.exe
3668 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3676 C:\Windows\ehome\ehtray.exe
3924 C:\hp\support\hpsysdrv.exe
3940 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3964 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3972 C:\Program Files\McAfee.com\Agent\mcagent.exe
3332 C:\Program Files\iPod\bin\iPodService.exe
220 C:\Windows\ehome\ehmsas.exe
3804 C:\Windows\System32\svchost.exe
3692 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3420 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4312 WmiPrvSE.exe
4412 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3760 C:\Windows\System32\notepad.exe
4712 C:\Windows\System32\SearchProtocolHost.exe
3140 C:\Windows\System32\SearchFilterHost.exe
3016 dllhost.exe
4920 dllhost.exe
5080 C:\Users\Mom\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`35075200 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR10

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#7
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

TDSSkiller has removed the main infection :)

I'd just like to check the MBR to make sure it's not infected.

Please do the following:


Step 1:


Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):


Enter 0 and press Enter

The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see a Dumped successfully message. Type -1 and press Enter twice to exit the program. Save the dump.dat file to your desktop.


Step 2:

Please attach the dump.dat file to your next post. Before doing that you will need to zip it.
If you don't have a zip utility, you can download a free version for your 64bit Vista here

To attach a file:
How to add an attachment to a new topic or reply



Homburg
  • 0
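What the dump requested in Step 1 lets a helper check, as an added example (not part of Homburg's post and not MBRCheck's own code): a Python parser for a 512-byte MBR sector that validates the boot signature, hashes the 0x1B8-byte boot-code area, and cross-checks the partition table against the volume offsets MBRCheck printed in the log above (0x7e00 and 0x7135075200). The sample sector, partition sizes, function names and the baseline-hash comparison are constructed for illustration, and a 512-byte sector size is assumed.

```python
import hashlib
import struct

SECTOR_SIZE = 512       # assumed sector size
BOOT_CODE_LEN = 0x1B8   # boot-code area; the length shown in the TDSSKiller line "MBR (0x1B8)"
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE   # a valid MBR ends with the bytes 55 AA

# Volume offsets from the MBRCheck log in this thread (C: and D:).
REPORTED_VOLUME_OFFSETS = (0x7E00, 0x7135075200)


def parse_mbr(sector: bytes) -> dict:
    """Decode sector 0 of an MBR-partitioned disk."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"need {SECTOR_SIZE} bytes, got {len(sector)}")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def triage(sector: bytes, reported_offsets=(), baseline_sha1=None) -> list:
    """Return readable findings; an empty list means nothing stood out."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55AA missing")
    for part in mbr["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append(f"partition {part['index']}: invalid status 0x{part['status']:02x}")
    active = sum(1 for part in mbr["partitions"] if part["active"])
    if active != 1:  # assumption: this is the boot disk
        findings.append(f"{active} active partitions on a boot disk (expected 1)")
    table_offsets = {part["byte_offset"] for part in mbr["partitions"]}
    for offset in reported_offsets:
        if offset not in table_offsets:
            findings.append(f"volume at 0x{offset:x} not in partition table")
    # baseline_sha1: hash of a boot-code area known to be clean (hypothetical input)
    if baseline_sha1 is not None and mbr["boot_code_sha1"] != baseline_sha1.lower():
        findings.append("boot code hash differs from baseline")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample sector, not the dump from the thread."""
    boot_code = (b"\xeb\xfe" + b"\x00" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]  # placeholder bytes
    disk_sig = b"\x00" * 6  # 4-byte disk signature + 2 reserved bytes
    chs = b"\xfe\xff\xff"   # CHS fields are ignored by the parser
    entries = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 63, 949650282)
    entries += struct.pack("<B3sB3sII", 0x00, chs, 0x07, chs, 949650345, 27122775)
    entries += b"\x00" * 32  # two unused slots
    return boot_code + disk_sig + entries + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    for part in info["partitions"]:
        print(f"partition {part['index']}: type 0x{part['type']:02x} "
              f"offset 0x{part['byte_offset']:x} active={part['active']}")
    print("boot code SHA-1:", info["boot_code_sha1"])
    print("findings:", triage(sample, REPORTED_VOLUME_OFFSETS) or "none")
```

To run it against a real dump, read the file in binary mode and pass the bytes to `triage`.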

#8
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Homburg!

I am so glad to hear that we are heading in the right direction. I did not see a separate dump.dat file other than the one that was automatically saved to the desktop. I hope it is the correct one.

Have a great day, and thanks so much for your efforts!

Onnaday

Attached Files


  • 0

#9
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,
That was the MBRcheck text file that you attached. Did you get to the stage where it asked you where you wanted to save the file to? If so then it should be in the same location where you ran MBRcheck from. After you run MBRcheck don't forget to select Y when asked for other options.
Can you please try it again, it might be easier if you print the instructions :)

Homburg
  • 0

#10
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Homburg,

I did follow your directions exactly but for some reason I do not get an option to save the dump.dat file. The program just closes after it is finished. Can I retrieve it by doing a search? I repeated the instructions again this evening and again did not get the option to save the file. The program does give a dialog box that dump.dat was successful, but does not give me an option to save it. Each of the dialog boxes in your post appears exactly as you show them.


:)

Edited by onnaday, 22 July 2011 - 10:13 PM.

  • 0


#11
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

You don't have to select a location to save to, when you get the dumped successful message it should be automatically saved wherever you saved the MBRcheck application :)

Can you search for it by clicking on the Start icon, then type dump.dat (assuming you named the file dump.dat) in the search box which appears just above the Start icon, click on Search Everywhere and this will open a search results window. If the location of the file is not shown then check the box beside where it says include non-indexed, hidden and system files, make sure dump.dat is in the box beside name and click on search. This should then display where the file is.

Are you experiencing any problems now?

Homburg
  • 0

#12
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Homburg!

I found it!!! However, I cannot zip it. 7-zip says it cannot compress or open it. The file location is SysWOW64. The other files for MBR check are automatically saved to the desktop. So sorry Homburg. I am not sure why? Could this be a virus still lurking?

The computer is running fine. There are no fake pop-ups. That being said, I have not been doing much online until you give me the all clear. I have avoided anything that requires a password in the event that the virus was tracking my passwords. I have not gone on my son's desktop settings yet. I will try that tonight to see if anything seems amiss.

I will wait to hear from you soon. Thanks for sticking with me!

Onnaday
  • 0

#13
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

We'll upload the file to be scanned online and also do a couple of more scans to check there's nothing else lurking on your system.

Can you please do the following:


Step 1:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click the browse button next to the "Suspicious files to scan" box on the top of the page and browse to the file you found in the syswow64 folder:

    dump.dat
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button which is at the bottom of the page. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 2:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3:

Please do another aswMBR scan as you did earlier.

Please remember to post:
Link to VirusTotal scan result
Malwarebytes scan log
aswMBR scan log

Homburg
  • 0

#14
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Homburg,

When I opened IE, it opened two IE windows with the exact same content. I am not sure if that is normal. I usually use Mozilla. I just thought I would mention that in case that is an indication of something awry.

The VirScan.org performed fine. It came back with no infections detected. However, when I clicked on "save to clipboard", nothing happened. Hmmmmmm.........not sure why? So, unfortunately I cannot post the link to the scan results.

Malwarebytes did find an infection. Here are the two logs that you requested. As always, thanks for taking the time to help me.

Onnaday

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-24 10:49:00
-----------------------------
10:49:00.348 OS Version: Windows x64 6.0.6002 Service Pack 2
10:49:00.349 Number of processors: 2 586 0x6B02
10:49:00.349 ComputerName: MOM-PC UserName: Mom
10:49:01.416 Initialize success
10:49:26.573 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
10:49:26.578 Disk 0 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 3
10:49:26.589 Disk 0 MBR read successfully
10:49:26.594 Disk 0 MBR scan
10:49:26.600 Disk 0 unknown MBR code
10:49:26.608 Service scanning
10:49:27.828 Disk 0 trace - called modules:
10:49:27.838 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
10:49:27.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800594c060]
10:49:27.845 3 CLASSPNP.SYS[fffffa60007b8c33] -> nt!IofCallDriver -> [0xfffffa8005678e40]
10:49:27.849 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8004d0c060]
10:49:27.853 Scan finished successfully
10:50:30.514 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
10:50:30.522 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7262

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/24/2011 10:34:18 AM
mbam-log-2011-07-24 (10-34-18).txt

Scan type: Quick scan
Objects scanned: 214411
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\chris.mom-pc\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#15
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello onnaday,

Your PC is now clean :)

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Reset SR Points/Clean up with OTL:
  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.


Next

Please delete aswMBR and any remaining logs from your desktop.


1. Protection.
Now that you are clean, to help protect your computer in the future I recommend that you download the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place. It also consumes no system resources.
SpywareGuard to catch and block spyware before it can execute. It offers real time protection.
MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

2. Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

3. JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

4. Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

5. Firewall and antivirus.
A firewall is essential to stop hackers infiltrating your computer, if you are not using one then the following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and anti virus.

It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use and you should install one if you are not using one. Do not install more than one antivirus.

AVG
Avira Free
Avast


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Thanks for sticking with it to the end :unsure:

Happy surfing and stay safe :yes:
  • 0





