OTL Log for Google Redirect Virus


#1
redleader74
My computer has been infected with a Google Redirect virus. Basically, when I do searches in Google and click on the resultant links, I get sent to all sorts of different websites. I have followed the steps outlined in this procedure:

http://www.geekstogo...ogle-redirects/

However, it did not get rid of the problem. I did not encounter any problems while following the steps, except for the need to reboot, and the TDSSKiller step did not yield any problems. So I'm now following this procedure:

http://www.geekstogo...cleaning-guide/

Below is my OTL Log:

OTL logfile created on: 11/10/2011 2:54:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Stacey Yee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 167.04 Mb Available Physical Memory | 16.34% Memory free
2.40 Gb Paging File | 1.54 Gb Available in Paging File | 64.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.72 Gb Total Space | 55.87 Gb Free Space | 79.00% Space Free | Partition Type: NTFS

Computer Name: STAT002 | User Name: Stacey Yee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 14:53:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey Yee\Desktop\OTL.exe
PRC - [2011/10/06 15:41:16 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/09/02 05:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/19 14:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/08/19 14:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/08/15 05:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/19 09:31:02 | 000,102,400 | ---- | M] (SHARP CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe
PRC - [2005/09/08 03:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:02:35 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_67037e2b\mscorlib.dll
MOD - [2011/10/12 02:02:19 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cfb8707d\system.xml.dll
MOD - [2011/10/12 02:01:42 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fecadeeb\system.dll
MOD - [2011/10/12 02:01:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/11 12:36:48 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/07/21 13:59:08 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/07/21 13:59:08 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/07/21 13:59:08 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2009/02/13 11:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 11:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 11:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2004/08/11 15:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/06 15:41:16 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/09/02 05:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/19 14:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/08/19 14:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/08/15 09:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/08/15 09:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/08/15 09:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/08/15 09:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/08/15 09:00:06 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/08/15 09:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/08/15 09:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/08/15 09:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/08/15 09:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/08/15 09:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/07/21 13:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/04 10:15:44 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.1.*;127.0.0.*;10.1.10.*;169.254.58.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "192.168.1.*,127.0.0.*"

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 10:44:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 21:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 09:25:20 | 000,000,000 | ---D | M]

[2010/06/22 09:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stacey Yee\Application Data\Mozilla\Extensions
[2011/08/11 12:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stacey Yee\Application Data\Mozilla\Firefox\Profiles\o3xpom4y.default\extensions
[2010/06/22 09:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/01 10:22:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 10:44:09 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/19 10:10:17 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/11/10 14:33:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111011120939.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IN0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([agenthq] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://tcupload.appl...oad/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BAD38D-77A6-4932-B9EE-30B314248148}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Oce\Desktop Document Manager\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 14:53:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stacey Yee\Desktop\OTL.exe
[2011/11/10 14:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/11/10 14:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacey Yee\Desktop\tdsskiller
[2011/11/10 14:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacey Yee\Desktop\GooredFix Backups
[2011/11/10 14:41:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Stacey Yee\Desktop\GooredFix.exe
[2011/11/10 14:32:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/10 14:31:35 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stacey Yee\Desktop\OTM.exe
[2011/11/10 14:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacey Yee\Desktop\11-10-2011
[2011/10/28 09:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[5 C:\Documents and Settings\Stacey Yee\My Documents\*.tmp files -> C:\Documents and Settings\Stacey Yee\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 14:53:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey Yee\Desktop\OTL.exe
[2011/11/10 14:42:39 | 001,545,505 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\tdsskiller.zip
[2011/11/10 14:41:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Stacey Yee\Desktop\GooredFix.exe
[2011/11/10 14:39:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/10 14:39:28 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/10 14:39:00 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\iljkaqd.job
[2011/11/10 14:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 14:38:54 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 14:33:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/10 14:31:52 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey Yee\Desktop\OTM.exe
[2011/11/10 14:28:18 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\NTREGOPT.LOC
[2011/11/10 14:28:17 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\ERDNT.E_E
[2011/11/10 14:28:17 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\ERUNT.EXE
[2011/11/10 14:28:17 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\NTREGOPT.EXE
[2011/11/10 14:28:17 | 000,005,417 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\LOC_GER.ZIP
[2011/11/10 14:28:17 | 000,004,090 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\ERUNT.LOC
[2011/11/10 14:28:17 | 000,003,275 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\ERDNTWIN.LOC
[2011/11/10 14:28:17 | 000,002,815 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\ERDNTDOS.LOC
[2011/11/10 14:28:16 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\AUTOBACK.EXE
[2011/11/10 14:25:26 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011/11/10 13:37:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/10 13:37:20 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/10 10:12:46 | 000,039,240 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-10 Wai La.pdf
[2011/11/09 15:06:48 | 000,069,708 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-09 Daniel Doan.pdf
[2011/11/09 09:25:43 | 000,399,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 09:25:43 | 000,061,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/09 09:23:21 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2011/11/04 13:47:20 | 001,083,829 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-04 LIG_Proposal[2].pdf
[2011/11/04 09:04:14 | 001,801,249 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\Blue Cross viewer.pdf
[2011/11/02 13:09:39 | 000,033,426 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-02 Dale Oliver Umbrella.pdf
[2011/10/31 08:17:36 | 000,296,286 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/10/28 09:25:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/26 11:32:09 | 000,070,656 | RHS- | M] () -- C:\WINDOWS\System32\Odbcjetq.dll
[2011/10/26 11:29:16 | 000,014,592 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\Desktop\0.983808242934434.exe
[2011/10/26 10:03:58 | 000,340,794 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-26 Frank Ma Inspection.pdf
[2011/10/25 16:29:54 | 000,033,520 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-25 LIG_AcordForm[1].pdf
[2011/10/25 09:46:19 | 000,033,781 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-25 Chu Umbrealla Quote.htm
[2011/10/24 14:15:04 | 000,126,884 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-24 Fariview LIG_AcordForm[1].pdf
[2011/10/24 14:14:31 | 001,099,294 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-24 Fairview LIG_Proposal[1].pdf
[2011/10/24 08:21:26 | 000,110,910 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-24CLBillingInvoiceCopiesEventSource.pdf
[2011/10/20 09:44:23 | 000,222,104 | ---- | M] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-20 HomeownersApplication[1].pdf
[2011/10/12 02:23:15 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/12 02:06:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\Documents and Settings\Stacey Yee\My Documents\*.tmp files -> C:\Documents and Settings\Stacey Yee\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/10 14:42:34 | 001,545,505 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\Desktop\tdsskiller.zip
[2011/11/10 10:12:37 | 000,039,240 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-10 Wai La.pdf
[2011/11/09 15:06:48 | 000,069,708 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-09 Daniel Doan.pdf
[2011/11/04 13:47:20 | 001,083,829 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-04 LIG_Proposal[2].pdf
[2011/11/04 09:04:14 | 001,801,249 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\Blue Cross viewer.pdf
[2011/11/02 13:09:33 | 000,033,426 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-11-02 Dale Oliver Umbrella.pdf
[2011/10/28 09:25:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/28 09:25:20 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/26 11:32:11 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\iljkaqd.job
[2011/10/26 11:32:09 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\Odbcjetq.dll
[2011/10/26 11:31:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2011/10/26 11:31:43 | 000,296,286 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/10/26 11:29:12 | 000,014,592 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\Desktop\0.983808242934434.exe
[2011/10/26 10:03:58 | 000,340,794 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-26 Frank Ma Inspection.pdf
[2011/10/25 16:29:55 | 000,033,520 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-25 LIG_AcordForm[1].pdf
[2011/10/25 09:46:19 | 000,033,781 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-25 Chu Umbrealla Quote.htm
[2011/10/24 14:15:04 | 000,126,884 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-24 Fariview LIG_AcordForm[1].pdf
[2011/10/24 14:14:31 | 001,099,294 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-24 Fairview LIG_Proposal[1].pdf
[2011/10/24 08:21:26 | 000,110,910 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-24CLBillingInvoiceCopiesEventSource.pdf
[2011/10/20 09:36:10 | 000,222,104 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\2011-10-20 HomeownersApplication[1].pdf
[2011/08/15 08:07:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/15 08:07:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/11 15:40:50 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/08/11 10:36:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/17 16:21:36 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 13:19:12 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/13 15:28:33 | 000,375,230 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\Application Data\fontlst2.opf
[2008/02/25 15:46:22 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\uin0x.dll
[2008/02/25 15:46:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\Uin0xMsg.dat
[2008/01/15 16:21:26 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\IN0FLMON.dat
[2008/01/15 16:20:56 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\IN0ELMON.dat
[2008/01/15 16:20:50 | 000,196,696 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2008/01/15 16:20:41 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\uin0.dll
[2008/01/15 16:20:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2008/01/15 16:20:41 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\Uin0Msg.dat
[2008/01/15 16:20:33 | 000,000,395 | ---- | C] () -- C:\WINDOWS\System32\SCN2PM.DAT
[2007/11/27 09:37:01 | 000,000,053 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/11/27 09:37:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/11/26 11:01:29 | 000,001,147 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/26 11:01:29 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/11/26 11:01:29 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/26 11:01:29 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2007/11/26 11:01:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/26 11:01:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/11/26 11:00:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/11/26 11:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/26 09:24:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/11/26 09:23:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/11/26 09:16:32 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/11/23 15:00:40 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2006/09/19 10:22:21 | 000,000,690 | ---- | C] () -- C:\WINDOWS\LPWFSC.INI
[2006/08/14 08:27:48 | 000,000,165 | ---- | C] () -- C:\WINDOWS\fsc.INI
[2006/04/25 09:20:57 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/25 09:20:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\62461F16AF.sys
[2006/04/04 12:09:55 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\reboin01.exe
[2006/03/18 15:03:36 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/03/18 15:03:19 | 000,000,149 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/03/18 15:02:30 | 000,000,694 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/03/04 10:27:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/04 10:21:31 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/04 10:19:06 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/03/04 10:15:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/04 10:13:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/04 09:48:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/04 09:48:02 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/04 09:47:28 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/06 14:58:45 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\OMNI2UI.DLL
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,399,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,061,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/21 18:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/09/30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2009/02/13 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Document Manager
[2009/04/01 09:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA23C.tmp
[2009/02/13 15:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharp
[2008/09/06 09:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/03/04 10:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/19 10:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\1.0.0.0
[2009/04/04 10:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\Desktop Document Manager
[2009/02/20 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\Image Zone Express
[2006/07/26 16:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\Leadertech
[2008/02/25 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\Oce
[2011/08/11 12:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\Sammsoft
[2011/08/11 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey Yee\Application Data\ScanSoft
[2011/11/10 14:39:28 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/10 14:39:00 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\iljkaqd.job

========== Purity Check ==========



< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:processes
killallprocesses

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - File not found
[2011/10/26 11:32:11 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\iljkaqd.job
[2011/10/26 11:32:09 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\Odbcjetq.dll

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[RESETHOSTS]
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]


Close all programs and pause your antivirus,
then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.



Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe (511 KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Ron
  • 0
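The entries Ron singled out from the OTL log above (the -HS-/RHS- files under C:\WINDOWS\tasks and System32 and the numerically named executable on the Desktop, all created on 2011/10/26) are what a reviewer scans the Files - Created list for. The Python script below is an added example, not code from this thread or from the OTL tool: it parses the bracketed record format OTL prints and returns a review list for records that carry Hidden+System attributes, were written under the Windows directory within a week of an assumed incident date (2011/10/26 here, taken from the timestamps in the log), or are an executable with a purely numeric name. The sample lines are copied from the log above plus one constructed benign entry (notes.txt); the incident date, the seven-day window and the directory list are assumptions.

```python
"""Triage helper for OTL "Files - Created" records (added example, not OTL's own code)."""
import re
from datetime import datetime

# One OTL record, as printed in the log above:
# [2011/10/26 11:32:09 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\Odbcjetq.dll
OTL_RECORD = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\] \(\) -- (.+)$"
)

# Sample input: lines copied from the OTL log in this thread, plus one
# constructed benign entry (notes.txt) to show what is *not* flagged.
SAMPLE_LINES = [
    r"[2011/10/28 09:25:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk",
    r"[2011/10/27 09:00:00 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\My Documents\notes.txt",
    r"[2011/10/26 11:32:11 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\iljkaqd.job",
    r"[2011/10/26 11:32:09 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\Odbcjetq.dll",
    r"[2011/10/26 11:31:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat",
    r"[2011/10/26 11:31:43 | 000,296,286 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll",
    r"[2011/10/26 11:29:12 | 000,014,592 | ---- | C] () -- C:\Documents and Settings\Stacey Yee\Desktop\0.983808242934434.exe",
    r"[2006/04/25 09:20:57 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
]

# Assumptions: the cluster of files in the log was created on 2011/10/26, and
# anything written to these directories within a week of that is worth a look.
INCIDENT_DATE = "2011/10/26"
WINDOW_DAYS = 7
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\tasks\\")
NUMERIC_EXE = re.compile(r"\\[0-9.]+\.exe$")  # e.g. \0.983808242934434.exe


def parse_record(line):
    """Return a dict for one OTL file record, or None for any other line."""
    m = OTL_RECORD.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "readonly": "R" in attrs,
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "kind": kind,  # C = created list, M = modified list
        "path": path,
    }


def triage(lines, incident_date=INCIDENT_DATE, window_days=WINDOW_DAYS):
    """Return [(path, [reasons])] for records a reviewer should look at."""
    cutoff = datetime.strptime(incident_date, "%Y/%m/%d")
    flagged = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        reasons = []
        lower = rec["path"].lower()
        recent = abs((rec["time"] - cutoff).days) <= window_days
        if rec["hidden"] and rec["system"]:
            reasons.append("hidden+system")
        if recent and lower.startswith(WINDOWS_DIRS):
            reasons.append("recent write under Windows dir")
        if recent and NUMERIC_EXE.search(lower):
            reasons.append("numeric-named executable")
        if reasons:
            flagged.append((rec["path"], reasons))
    return flagged


def run_sample():
    """Triage the embedded sample lines and return {path: reasons}."""
    return dict(triage(SAMPLE_LINES))


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{path}\n    {', '.join(reasons)}")
```

Older entries with the same attribute pattern (the 2006 .sys file in the sample) are flagged too, so the output is a review list for a person, not a verdict, and the script deletes nothing; the expert still decides what goes into the OTL fix.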

#3
redleader74

    Member

  • Topic Starter
  • Member
  • 165 posts
Thanks!!

Ok, I went through all the next steps and here are the logs that were generated:

OTL LOG
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32\ deleted successfully.
C:\WINDOWS\tasks\iljkaqd.job moved successfully.
C:\WINDOWS\system32\Odbcjetq.dll moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Stacey Yee
->Java cache emptied: 4832 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Stacey Yee
->Flash cache emptied: 1402 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11212011_132658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MALWAREBYTES LOG


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8211

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/21/2011 2:00:39 PM
mbam-log-2011-11-21 (14-00-39).txt

Scan type: Quick scan
Objects scanned: 181026
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\stacey yee\Desktop\0.983808242934434.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.


COMBOFIX LOG


ComboFix 11-11-21.01 - Stacey Yee 11/21/2011 14:23:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.587 [GMT -8:00]
Running from: c:\documents and settings\Stacey Yee\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Stacey Yee\g2mdlhlpx.exe
c:\documents and settings\Stacey Yee\My Documents\~WRL0002.tmp
c:\documents and settings\Stacey Yee\My Documents\~WRL0004.tmp
c:\documents and settings\Stacey Yee\My Documents\~WRL0497.tmp
c:\documents and settings\Stacey Yee\My Documents\~WRL1245.tmp
c:\documents and settings\Stacey Yee\My Documents\~WRL3858.tmp
c:\windows\dasetup.log
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 21:37 . 2011-11-21 21:37 -------- d-----w- c:\documents and settings\Stacey Yee\Application Data\Malwarebytes
2011-11-21 21:37 . 2011-11-21 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-21 21:37 . 2011-11-21 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 21:37 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 22:32 . 2011-11-10 22:32 -------- d-----w- C:\_OTM
2011-10-28 17:36 . 2011-10-28 17:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-28 17:12 . 2011-10-28 17:17 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2011-09-26 18:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 21:01 . 2010-07-27 19:24 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"IN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\IN0XRCV.exe" [2006-10-19 102400]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1318552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-04 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-11-12 06:00 864256 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FtpServer.exe]
2006-12-01 20:38 692224 ----a-w- c:\program files\Oce\Desktop Document Manager\FTPServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Pinyin 2 Autoupdater]
2011-07-07 17:20 1160760 ----a-w- c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 13:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexTray]
2006-12-05 19:02 106496 ----a-w- c:\program files\Oce\Desktop Document Manager\IndexTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-04 18:15 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-04 18:15 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]
2006-12-05 19:13 32768 ----a-w- c:\program files\Oce\Desktop Document Manager\SharpTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 05:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-01 18:22 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypeRegChecker]
2006-12-05 19:04 57344 ----a-w- c:\program files\Oce\Desktop Document Manager\TypeRegChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/11/2011 12:35 PM 64512]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/27/2010 11:24 AM 89624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/1/2009 9:57 AM 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/27/2010 11:24 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [7/27/2010 11:24 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/27/2010 11:24 AM 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [7/27/2010 11:24 AM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/27/2010 11:24 AM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/27/2010 11:24 AM 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/27/2010 11:24 AM 83688]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 1:59 PM 2152152]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/27/2010 11:24 AM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/27/2010 11:24 AM 87808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;10.1.10.*;169.254.58.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: travelers.com
Trusted Zone: travelers.com\agenthq
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 10.1.10.1
FF - ProfilePath - c:\documents and settings\Stacey Yee\Application Data\Mozilla\Firefox\Profiles\o3xpom4y.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-21 14:33:01
ComboFix-quarantined-files.txt 2011-11-21 22:32
.
Pre-Run: 59,371,245,568 bytes free
Post-Run: 59,581,583,360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BC5C01313927EA4EEC413E053C1C48C2


TDSSKILLER LOG


14:38:27.0109 1540 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
14:38:27.0906 1540 ============================================================
14:38:27.0906 1540 Current date / time: 2011/11/21 14:38:27.0906
14:38:27.0906 1540 SystemInfo:
14:38:27.0906 1540
14:38:27.0906 1540 OS Version: 5.1.2600 ServicePack: 3.0
14:38:27.0906 1540 Product type: Workstation
14:38:27.0906 1540 ComputerName: STAT002
14:38:27.0906 1540 UserName: Stacey Yee
14:38:27.0906 1540 Windows directory: C:\WINDOWS
14:38:27.0906 1540 System windows directory: C:\WINDOWS
14:38:27.0906 1540 Processor architecture: Intel x86
14:38:27.0906 1540 Number of processors: 2
14:38:27.0906 1540 Page size: 0x1000
14:38:27.0906 1540 Boot type: Normal boot
14:38:27.0906 1540 ============================================================
14:38:28.0140 1540 Initialize success
14:38:42.0109 2220 ============================================================
14:38:42.0109 2220 Scan started
14:38:42.0109 2220 Mode: Manual;
14:38:42.0109 2220 ============================================================
14:38:42.0312 2220 Abiosdsk - ok
14:38:42.0375 2220 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:38:42.0375 2220 abp480n5 - ok
14:38:42.0406 2220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:38:42.0406 2220 ACPI - ok
14:38:42.0453 2220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:38:42.0453 2220 ACPIEC - ok
14:38:42.0500 2220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:38:42.0500 2220 adpu160m - ok
14:38:42.0515 2220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:38:42.0515 2220 aec - ok
14:38:42.0562 2220 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:38:42.0562 2220 AFD - ok
14:38:42.0593 2220 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:38:42.0593 2220 agp440 - ok
14:38:42.0609 2220 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:38:42.0609 2220 agpCPQ - ok
14:38:42.0640 2220 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:38:42.0640 2220 Aha154x - ok
14:38:42.0656 2220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:38:42.0656 2220 aic78u2 - ok
14:38:42.0671 2220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:38:42.0671 2220 aic78xx - ok
14:38:42.0703 2220 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:38:42.0703 2220 AliIde - ok
14:38:42.0734 2220 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:38:42.0734 2220 alim1541 - ok
14:38:42.0750 2220 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:38:42.0750 2220 amdagp - ok
14:38:42.0781 2220 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:38:42.0781 2220 amsint - ok
14:38:42.0796 2220 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:38:42.0796 2220 asc - ok
14:38:42.0812 2220 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:38:42.0812 2220 asc3350p - ok
14:38:42.0843 2220 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:38:42.0843 2220 asc3550 - ok
14:38:42.0906 2220 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
14:38:42.0906 2220 ASCTRM - ok
14:38:42.0937 2220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:38:42.0953 2220 AsyncMac - ok
14:38:42.0953 2220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:38:42.0953 2220 atapi - ok
14:38:42.0968 2220 Atdisk - ok
14:38:43.0046 2220 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:38:43.0046 2220 ati2mtag - ok
14:38:43.0078 2220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:38:43.0078 2220 Atmarpc - ok
14:38:43.0171 2220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:38:43.0171 2220 audstub - ok
14:38:43.0218 2220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:38:43.0218 2220 Beep - ok
14:38:43.0265 2220 bvrp_pci - ok
14:38:43.0375 2220 catchme - ok
14:38:43.0421 2220 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:38:43.0421 2220 cbidf - ok
14:38:43.0437 2220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:38:43.0437 2220 cbidf2k - ok
14:38:43.0468 2220 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:38:43.0468 2220 cd20xrnt - ok
14:38:43.0500 2220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:38:43.0500 2220 Cdaudio - ok
14:38:43.0546 2220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:38:43.0562 2220 Cdfs - ok
14:38:43.0562 2220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:38:43.0562 2220 Cdrom - ok
14:38:43.0593 2220 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\WINDOWS\system32\drivers\cfwids.sys
14:38:43.0593 2220 cfwids - ok
14:38:43.0609 2220 Changer - ok
14:38:43.0640 2220 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:38:43.0640 2220 CmdIde - ok
14:38:43.0671 2220 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:38:43.0671 2220 Cpqarray - ok
14:38:43.0703 2220 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:38:43.0703 2220 dac2w2k - ok
14:38:43.0703 2220 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:38:43.0718 2220 dac960nt - ok
14:38:43.0750 2220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:38:43.0750 2220 Disk - ok
14:38:43.0812 2220 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
14:38:43.0812 2220 DLABOIOM - ok
14:38:43.0812 2220 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:38:43.0812 2220 DLACDBHM - ok
14:38:43.0828 2220 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
14:38:43.0828 2220 DLADResN - ok
14:38:43.0843 2220 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
14:38:43.0843 2220 DLAIFS_M - ok
14:38:43.0859 2220 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
14:38:43.0859 2220 DLAOPIOM - ok
14:38:43.0875 2220 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
14:38:43.0875 2220 DLAPoolM - ok
14:38:43.0890 2220 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
14:38:43.0890 2220 DLARTL_N - ok
14:38:43.0890 2220 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
14:38:43.0890 2220 DLAUDFAM - ok
14:38:43.0906 2220 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
14:38:43.0906 2220 DLAUDF_M - ok
14:38:43.0968 2220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:38:43.0968 2220 dmboot - ok
14:38:44.0015 2220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:38:44.0015 2220 dmio - ok
14:38:44.0015 2220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:38:44.0015 2220 dmload - ok
14:38:44.0046 2220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:38:44.0046 2220 DMusic - ok
14:38:44.0093 2220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:38:44.0093 2220 dpti2o - ok
14:38:44.0140 2220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:38:44.0140 2220 drmkaud - ok
14:38:44.0156 2220 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:38:44.0156 2220 DRVMCDB - ok
14:38:44.0171 2220 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:38:44.0171 2220 DRVNDDM - ok
14:38:44.0375 2220 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:38:44.0375 2220 DSproct - ok
14:38:44.0421 2220 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
14:38:44.0437 2220 dsunidrv - ok
14:38:44.0468 2220 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:38:44.0468 2220 E100B - ok
14:38:44.0515 2220 e1express (5b75bbf89d8341f424171df7ad9dc465) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:38:44.0515 2220 e1express - ok
14:38:44.0546 2220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:38:44.0546 2220 Fastfat - ok
14:38:44.0593 2220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:38:44.0593 2220 Fdc - ok
14:38:44.0625 2220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:38:44.0625 2220 Fips - ok
14:38:44.0656 2220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:38:44.0656 2220 Flpydisk - ok
14:38:44.0687 2220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:38:44.0687 2220 FltMgr - ok
14:38:44.0703 2220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:38:44.0703 2220 Fs_Rec - ok
14:38:44.0718 2220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:38:44.0718 2220 Ftdisk - ok
14:38:44.0734 2220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:38:44.0734 2220 Gpc - ok
14:38:44.0765 2220 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:38:44.0781 2220 HDAudBus - ok
14:38:44.0796 2220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:38:44.0796 2220 HidUsb - ok
14:38:44.0828 2220 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:38:44.0828 2220 hpn - ok
14:38:44.0843 2220 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:38:44.0843 2220 HSFHWBS2 - ok
14:38:44.0890 2220 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:38:44.0906 2220 HSF_DP - ok
14:38:44.0937 2220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:38:44.0937 2220 HTTP - ok
14:38:44.0953 2220 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:38:44.0968 2220 i2omgmt - ok
14:38:45.0000 2220 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:38:45.0000 2220 i2omp - ok
14:38:45.0000 2220 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:38:45.0000 2220 i8042prt - ok
14:38:45.0062 2220 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
14:38:45.0062 2220 iastor - ok
14:38:45.0109 2220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:38:45.0109 2220 Imapi - ok
14:38:45.0140 2220 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:38:45.0140 2220 ini910u - ok
14:38:45.0171 2220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:38:45.0171 2220 IntelIde - ok
14:38:45.0203 2220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:38:45.0203 2220 intelppm - ok
14:38:45.0250 2220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:38:45.0250 2220 Ip6Fw - ok
14:38:45.0265 2220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:38:45.0265 2220 IpFilterDriver - ok
14:38:45.0312 2220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:38:45.0312 2220 IpInIp - ok
14:38:45.0343 2220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:38:45.0343 2220 IpNat - ok
14:38:45.0359 2220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:38:45.0359 2220 IPSec - ok
14:38:45.0390 2220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:38:45.0390 2220 IRENUM - ok
14:38:45.0406 2220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:38:45.0406 2220 isapnp - ok
14:38:45.0437 2220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:38:45.0437 2220 Kbdclass - ok
14:38:45.0453 2220 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:38:45.0453 2220 kbdhid - ok
14:38:45.0468 2220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:38:45.0468 2220 kmixer - ok
14:38:45.0484 2220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:38:45.0484 2220 KSecDD - ok
14:38:45.0531 2220 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
14:38:45.0531 2220 Lbd - ok
14:38:45.0531 2220 lbrtfdc - ok
14:38:45.0562 2220 MBAMSwissArmy - ok
14:38:45.0625 2220 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:38:45.0625 2220 mdmxsdk - ok
14:38:45.0671 2220 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\WINDOWS\system32\drivers\mfeapfk.sys
14:38:45.0671 2220 mfeapfk - ok
14:38:45.0703 2220 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\WINDOWS\system32\drivers\mfeavfk.sys
14:38:45.0703 2220 mfeavfk - ok
14:38:45.0718 2220 mfeavfk01 - ok
14:38:45.0750 2220 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\WINDOWS\system32\drivers\mfebopk.sys
14:38:45.0750 2220 mfebopk - ok
14:38:45.0765 2220 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\WINDOWS\system32\drivers\mfefirek.sys
14:38:45.0765 2220 mfefirek - ok
14:38:45.0796 2220 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\WINDOWS\system32\drivers\mfehidk.sys
14:38:45.0796 2220 mfehidk - ok
14:38:45.0843 2220 mfendisk (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
14:38:45.0859 2220 mfendisk - ok
14:38:45.0859 2220 mfendiskmp (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
14:38:45.0859 2220 mfendiskmp - ok
14:38:45.0921 2220 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\WINDOWS\system32\drivers\mferkdet.sys
14:38:45.0921 2220 mferkdet - ok
14:38:45.0984 2220 mfetdi2k (2026fe7c9e6b26ffeb08cd89c6326b91) C:\WINDOWS\system32\drivers\mfetdi2k.sys
14:38:45.0984 2220 mfetdi2k - ok
14:38:46.0031 2220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:38:46.0031 2220 mnmdd - ok
14:38:46.0062 2220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:38:46.0078 2220 Modem - ok
14:38:46.0078 2220 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:38:46.0093 2220 MODEMCSA - ok
14:38:46.0093 2220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:38:46.0093 2220 Mouclass - ok
14:38:46.0140 2220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:38:46.0140 2220 mouhid - ok
14:38:46.0156 2220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:38:46.0156 2220 MountMgr - ok
14:38:46.0171 2220 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:38:46.0187 2220 mraid35x - ok
14:38:46.0187 2220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:38:46.0187 2220 MRxDAV - ok
14:38:46.0250 2220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:38:46.0250 2220 MRxSmb - ok
14:38:46.0265 2220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:38:46.0281 2220 Msfs - ok
14:38:46.0312 2220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:38:46.0312 2220 MSKSSRV - ok
14:38:46.0359 2220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:38:46.0359 2220 MSPCLOCK - ok
14:38:46.0375 2220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:38:46.0375 2220 MSPQM - ok
14:38:46.0406 2220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:38:46.0406 2220 mssmbios - ok
14:38:46.0421 2220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:38:46.0421 2220 Mup - ok
14:38:46.0453 2220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:38:46.0453 2220 NDIS - ok
14:38:46.0468 2220 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:38:46.0468 2220 NdisTapi - ok
14:38:46.0500 2220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:38:46.0500 2220 Ndisuio - ok
14:38:46.0515 2220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:38:46.0515 2220 NdisWan - ok
14:38:46.0531 2220 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:38:46.0531 2220 NDProxy - ok
14:38:46.0546 2220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:38:46.0546 2220 NetBIOS - ok
14:38:46.0562 2220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:38:46.0562 2220 NetBT - ok
14:38:46.0593 2220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:38:46.0609 2220 Npfs - ok
14:38:46.0625 2220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:38:46.0625 2220 Ntfs - ok
14:38:46.0656 2220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:38:46.0656 2220 Null - ok
14:38:46.0734 2220 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:38:46.0750 2220 nv - ok
14:38:46.0781 2220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:38:46.0781 2220 NwlnkFlt - ok
14:38:46.0796 2220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:38:46.0812 2220 NwlnkFwd - ok
14:38:46.0828 2220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:38:46.0828 2220 Parport - ok
14:38:46.0843 2220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:38:46.0843 2220 PartMgr - ok
14:38:46.0859 2220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:38:46.0859 2220 ParVdm - ok
14:38:46.0875 2220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:38:46.0875 2220 PCI - ok
14:38:46.0890 2220 PCIDump - ok
14:38:46.0906 2220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:38:46.0906 2220 PCIIde - ok
14:38:46.0921 2220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:38:46.0921 2220 Pcmcia - ok
14:38:46.0937 2220 PDCOMP - ok
14:38:46.0953 2220 PDFRAME - ok
14:38:46.0953 2220 PDRELI - ok
14:38:46.0968 2220 PDRFRAME - ok
14:38:47.0015 2220 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:38:47.0015 2220 perc2 - ok
14:38:47.0031 2220 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:38:47.0031 2220 perc2hib - ok
14:38:47.0078 2220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:38:47.0093 2220 PptpMiniport - ok
14:38:47.0093 2220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:38:47.0093 2220 PSched - ok
14:38:47.0125 2220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:38:47.0125 2220 Ptilink - ok
14:38:47.0140 2220 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:38:47.0140 2220 PxHelp20 - ok
14:38:47.0171 2220 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:38:47.0171 2220 ql1080 - ok
14:38:47.0187 2220 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:38:47.0187 2220 Ql10wnt - ok
14:38:47.0203 2220 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:38:47.0203 2220 ql12160 - ok
14:38:47.0234 2220 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:38:47.0234 2220 ql1240 - ok
14:38:47.0265 2220 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:38:47.0265 2220 ql1280 - ok
14:38:47.0296 2220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:38:47.0296 2220 RasAcd - ok
14:38:47.0328 2220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:38:47.0328 2220 Rasl2tp - ok
14:38:47.0390 2220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:38:47.0390 2220 RasPppoe - ok
14:38:47.0406 2220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:38:47.0406 2220 Raspti - ok
14:38:47.0421 2220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:38:47.0437 2220 Rdbss - ok
14:38:47.0453 2220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:38:47.0453 2220 RDPCDD - ok
14:38:47.0500 2220 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:38:47.0500 2220 rdpdr - ok
14:38:47.0546 2220 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:38:47.0546 2220 RDPWD - ok
14:38:47.0593 2220 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:38:47.0593 2220 redbook - ok
14:38:47.0687 2220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:38:47.0687 2220 Secdrv - ok
14:38:47.0750 2220 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:38:47.0750 2220 serenum - ok
14:38:47.0765 2220 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:38:47.0765 2220 Serial - ok
14:38:47.0812 2220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:38:47.0812 2220 Sfloppy - ok
14:38:47.0828 2220 Simbad - ok
14:38:47.0875 2220 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:38:47.0875 2220 sisagp - ok
14:38:47.0890 2220 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:38:47.0890 2220 Sparrow - ok
14:38:47.0921 2220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:38:47.0921 2220 splitter - ok
14:38:47.0968 2220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:38:47.0968 2220 sr - ok
14:38:48.0031 2220 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:38:48.0031 2220 Srv - ok
14:38:48.0093 2220 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
14:38:48.0109 2220 STHDA - ok
14:38:48.0140 2220 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:38:48.0140 2220 StillCam - ok
14:38:48.0187 2220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:38:48.0187 2220 swenum - ok
14:38:48.0234 2220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:38:48.0234 2220 swmidi - ok
14:38:48.0265 2220 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:38:48.0265 2220 symc810 - ok
14:38:48.0281 2220 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:38:48.0281 2220 symc8xx - ok
14:38:48.0296 2220 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:38:48.0296 2220 sym_hi - ok
14:38:48.0312 2220 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:38:48.0312 2220 sym_u3 - ok
14:38:48.0328 2220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:38:48.0343 2220 sysaudio - ok
14:38:48.0390 2220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:38:48.0390 2220 Tcpip - ok
14:38:48.0437 2220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:38:48.0437 2220 TDPIPE - ok
14:38:48.0484 2220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:38:48.0484 2220 TDTCP - ok
14:38:48.0562 2220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:38:48.0562 2220 TermDD - ok
14:38:48.0593 2220 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:38:48.0593 2220 TosIde - ok
14:38:48.0625 2220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:38:48.0625 2220 Udfs - ok
14:38:48.0656 2220 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:38:48.0656 2220 ultra - ok
14:38:48.0703 2220 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:38:48.0718 2220 Update - ok
14:38:48.0750 2220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:38:48.0750 2220 usbccgp - ok
14:38:48.0765 2220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:38:48.0781 2220 usbehci - ok
14:38:48.0781 2220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:38:48.0781 2220 usbhub - ok
14:38:48.0828 2220 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:38:48.0828 2220 usbprint - ok
14:38:48.0875 2220 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:38:48.0875 2220 USBSTOR - ok
14:38:48.0906 2220 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:38:48.0906 2220 usbuhci - ok
14:38:48.0921 2220 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:38:48.0921 2220 VgaSave - ok
14:38:48.0953 2220 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:38:48.0953 2220 viaagp - ok
14:38:48.0968 2220 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:38:48.0968 2220 ViaIde - ok
14:38:49.0062 2220 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:38:49.0062 2220 VolSnap - ok
14:38:49.0093 2220 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:38:49.0093 2220 Wanarp - ok
14:38:49.0109 2220 wanatw - ok
14:38:49.0125 2220 WDICA - ok
14:38:49.0156 2220 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:38:49.0156 2220 wdmaud - ok
14:38:49.0187 2220 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:38:49.0187 2220 winachsf - ok
14:38:49.0281 2220 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
14:38:49.0281 2220 \Device\Harddisk0\DR0 - ok
14:38:49.0296 2220 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR4
14:38:50.0125 2220 \Device\Harddisk1\DR4 - ok
14:38:50.0140 2220 Boot (0x1200) (b2c0de0339fa66239396f33bf7fbefbe) \Device\Harddisk0\DR0\Partition0
14:38:50.0140 2220 \Device\Harddisk0\DR0\Partition0 - ok
14:38:50.0156 2220 Boot (0x1200) (b066d874a6f7091195ffd157b8ca4d3b) \Device\Harddisk1\DR4\Partition0
14:38:50.0156 2220 \Device\Harddisk1\DR4\Partition0 - ok
14:38:50.0156 2220 ============================================================
14:38:50.0156 2220 Scan finished
14:38:50.0156 2220 ============================================================
14:38:50.0171 3964 Detected object count: 0
14:38:50.0171 3964 Actual detected object count: 0
14:39:13.0703 2824 Deinitialize success


AVAST LOG


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 14:39:51
-----------------------------
14:39:51.218 OS Version: Windows 5.1.2600 Service Pack 3
14:39:51.218 Number of processors: 2 586 0x407
14:39:51.218 ComputerName: STAT002 UserName:
14:39:51.531 Initialize success
14:42:33.343 AVAST engine defs: 11112101
14:42:43.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:42:43.093 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
14:42:43.109 Disk 0 MBR read successfully
14:42:43.109 Disk 0 MBR scan
14:42:43.140 Disk 0 unknown MBR code
14:42:43.156 Disk 0 scanning sectors +156232125
14:42:43.234 Disk 0 scanning C:\WINDOWS\system32\drivers
14:42:56.531 Service scanning
14:42:57.484 Modules scanning
14:43:02.437 AVAST engine scan C:\WINDOWS
14:43:24.359 AVAST engine scan C:\WINDOWS\system32
14:45:20.328 AVAST engine scan C:\WINDOWS\system32\drivers
14:45:36.328 AVAST engine scan C:\Documents and Settings\Stacey Yee
14:48:27.328 AVAST engine scan C:\Documents and Settings\All Users
15:02:52.078 Scan finished successfully
15:11:19.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stacey Yee\Desktop\MBR.dat"
15:11:19.125 The log file has been saved successfully to "C:\Documents and Settings\Stacey Yee\Desktop\aswMBR.txt"



Finally, the "FIX" button on Avast is NOT enabled after the scan, only the "FixMBR" button is enabled.
  • 0
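The TDSSKiller section of the log above has a regular shape: one record line per driver or service (`<time> <pid> <name> (<md5>) <path>`), a verdict line (`<name> - ok`), and separate `MBR (0x1B8)` / `Boot (0x1200)` records for the boot sectors. The following Python script is an added example for this thread, not a Kaspersky tool and not something the poster ran: it parses those line shapes and summarises what a responder checks first, namely any verdict other than `ok`, the MBR/boot-sector hashes, and drivers loaded from outside `C:\WINDOWS`. The last check is a triage heuristic, not a verdict; the `DSproct` entry it flags is a Dell support driver that legitimately lives under Program Files. The sample input is a few lines copied from the log plus one constructed `examplesvc` entry whose detection wording is assumed.

```python
"""Triage helper for a TDSSKiller 2.6-style scan log.

Added example for this thread (not a Kaspersky tool and not something the
poster ran). It parses the "<time> <pid> <name> (<md5>) <path>" records and
"<time> <pid> <name> - <status>" verdict lines seen in the log above and
reports what a responder looks at first: verdicts other than "ok", the
MBR/boot-sector checks, and drivers loaded from outside C:\\WINDOWS.
"""

import re
from dataclasses import dataclass

# Every interesting line starts with "<hh:mm:ss.ffff> <pid> ".
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"

# MBR / boot-sector records: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
BOOT_RE = re.compile(
    TS + r"(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\\Device\\\S+)\s*$"
)
# Driver/service records: "<name> (<md5>) <path>"
RECORD_RE = re.compile(
    TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict lines: "<name> - ok" or "<name> - <anything else>"
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$")


@dataclass
class Entry:
    name: str              # service name, or the device path for boot records
    md5: str = ""
    path: str = ""
    kind: str = "driver"   # "driver", "MBR" or "Boot"
    status: str = "no verdict"


def parse_tdsskiller(text):
    """Return {name: Entry} for every record and verdict line in the log."""
    entries = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = BOOT_RE.match(line)
        if m:
            # The verdict for a boot record names the device path, so key on it.
            entries[m["path"]] = Entry(m["path"], m["md5"], m["path"], m["kind"])
            continue
        m = RECORD_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Services with no file on disk (e.g. "Abiosdsk - ok") have only a verdict.
            entries.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return entries


def triage(entries, system_root="C:\\WINDOWS\\"):
    """Summarise the parsed log for a responder.

    "outside_system_root" is a heuristic only: third-party drivers such as a
    vendor support tool legitimately live under Program Files, but each one
    deserves a look when a rootkit is suspected.
    """
    root = system_root.lower()
    return {
        "not_ok": sorted((e.name, e.status) for e in entries.values()
                         if e.status != "ok"),
        "boot": sorted((e.path, e.md5, e.status) for e in entries.values()
                       if e.kind != "driver"),
        "outside_system_root": sorted(
            (e.name, e.path) for e in entries.values()
            if e.kind == "driver" and e.path and not e.path.lower().startswith(root)),
    }


# Constructed sample: lines copied from the log in this thread plus one
# made-up "examplesvc" entry; the wording of a non-ok verdict is assumed.
SAMPLE_LOG = r"""14:38:42.0109 2220 Scan started
14:38:42.0109 2220 Mode: Manual;
14:38:42.0312 2220 Abiosdsk - ok
14:38:42.0406 2220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:38:42.0406 2220 ACPI - ok
14:38:44.0375 2220 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:38:44.0375 2220 DSproct - ok
14:38:49.0281 2220 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
14:38:49.0281 2220 \Device\Harddisk0\DR0 - ok
14:38:49.0290 2220 examplesvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\examplesvc.sys
14:38:49.0290 2220 examplesvc - detected Rootkit.Example (constructed)
14:38:50.0156 2220 Scan finished
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    for section, rows in report.items():
        print(section)
        for row in rows:
            print("   ", *row)
```

Run it against a full TDSSKiller log by reading the file into `parse_tdsskiller`; the MD5 column is what you would compare against a known-good copy of the same driver when a file-level infection (rather than an MBR one) is suspected.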

#4
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Are you still getting redirected?

It appears you have two anti-viruses. McAfee and AdAware. You really only want one as they fight each other if there are two.

Pick one and uninstall the other.
  • 0

#5
redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 165 posts
Thanks for the help. Problem seems to be fixed for now.

I actually prefer MSE over McAfee, but the McAfee is paid up for another year so I'll keep it for now. McAfee just feels cumbersome and plants itself all over the computer in all your other programs, browsers, etc., which sometimes just gets in the way rather than being helpful.
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If it were me I would just write off the McAfee subscription and go with something else. MSSE is OK though I prefer the free Avast. Both are better than McAfee. When you do decide to get rid of McAfee you will need to:

Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 )
Uninstall McAfee, run the McAfee uninstall tool, reboot. Install the new Anti-Virus.


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should go to Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
