
Zero Access & Live Security Platinum [Solved]


This topic is locked

#1 JKB6125 (New Member, 8 posts)
Hi! My computer showed the above issues. Please help!



#2 CompCav (Expert, 12,448 posts)
Hi, JKB6125! My nickname is CompCav and I will be assisting you with your malware/security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you save and print the instructions prior to each fix; this way you will have them on hand in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

If it does not run, rename it to iexplore.exe and try again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
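The /md5start ... /md5stop block in Step 2 asks OTL to report the MD5 and location of every copy it finds of those five binaries, so that a copy patched in place in system32 stands out against the backups Windows keeps in dllcache and ServicePackFiles. As an added illustration (this is not OTL's code and not part of CompCav's instructions), the Python script below does the same comparison over a directory tree. demo() builds a constructed fake tree in a temporary directory, with one modified services.exe, and the reported path names are that constructed layout, not anything from the log above.

```python
"""Hash every copy of a handful of critical Windows binaries under a root
and report filenames whose copies disagree. Added example for this thread;
not OTL's own code and not part of CompCav's instructions."""
import hashlib
import os
import tempfile
from collections import defaultdict

# The same five names the /md5start ... /md5stop block in Step 2 hands to OTL.
WATCHED = ("services.exe", "explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe")


def md5_file(path, chunk_size=1 << 16):
    """MD5 of a file, read in chunks so large binaries do not land in memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_copies(root, names=WATCHED):
    """Walk root and return {filename: {md5: [paths]}} for every copy of the watched names.
    Matching is case-insensitive because Windows filenames are."""
    wanted = {n.lower() for n in names}
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                path = os.path.join(dirpath, fn)
                found[fn.lower()][md5_file(path)].append(path)
    return found


def disagreements(found):
    """Names with more than one distinct hash. That is the signal OTL's md5 scan exposes:
    a patched copy in system32 will not match the backups in dllcache or ServicePackFiles.
    A hotfix can produce the same split legitimately, so the helper still compares the
    hashes against known-good values before deciding anything."""
    return {name: dict(hashes) for name, hashes in found.items() if len(hashes) > 1}


def odd_one_out(hashes):
    """Given {md5: [paths]} for one filename, return the paths carrying the minority hash:
    with one patched copy and several intact backups, that is the patched file."""
    smallest = min(len(paths) for paths in hashes.values())
    return [p for paths in hashes.values() if len(paths) == smallest for p in paths]


def demo():
    """Constructed scenario in a temp directory (not a real system): the system32 copy of
    services.exe has been modified in place, the dllcache and ServicePackFiles copies are
    intact, and svchost.exe is consistent everywhere."""
    root = tempfile.mkdtemp(prefix="otl-md5-demo-")
    clean = b"MZ" + b"\x00" * 62 + b"fake clean services.exe image"
    patched = clean[:-5] + b"PATCH"          # same size, different bytes
    layout = {
        ("WINDOWS", "system32", "services.exe"): patched,
        ("WINDOWS", "system32", "dllcache", "services.exe"): clean,
        ("WINDOWS", "ServicePackFiles", "i386", "services.exe"): clean,
        ("WINDOWS", "system32", "svchost.exe"): b"fake svchost",
        ("WINDOWS", "system32", "dllcache", "SVCHOST.EXE"): b"fake svchost",
        ("Documents and Settings", "Jerry", "Application Data", "qetpbr.dll"): b"not watched",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return disagreements(hash_copies(root))


if __name__ == "__main__":
    for name, hashes in demo().items():
        print(f"{name}: {len(hashes)} distinct hashes; suspect copy: {odd_one_out(hashes)}")
```

Run it as-is to see the constructed case, or call hash_copies(r"C:\WINDOWS") on a real machine; the output is only a list of disagreements, and which copy is the bad one still has to be settled against known-good hashes for that exact Windows build and service pack.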

#3 JKB6125 (Topic Starter, 8 posts)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 11:20:27
-----------------------------
11:20:27.171 OS Version: Windows 5.1.2600 Service Pack 3
11:20:27.171 Number of processors: 2 586 0xF0B
11:20:27.171 ComputerName: JERRYSLAPTOP UserName: Jerry
11:20:28.734 Initialize success
11:20:39.406 AVAST engine defs: 12072100
11:20:45.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:20:45.593 Disk 0 Vendor: FUJITSU_MHW2160BJ_FFS_G2 0085001C Size: 152627MB BusType: 3
11:20:45.640 Disk 0 MBR read successfully
11:20:45.640 Disk 0 MBR scan
11:20:45.656 Disk 0 Windows XP default MBR code
11:20:45.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.1 47 MB offset 63
11:20:45.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149503 MB offset 96390
11:20:45.718 Disk 0 Partition - 00 0F Extended LBA 3074 MB offset 306279225
11:20:45.750 Disk 0 Partition 3 00 DD MSDOS5.0 3074 MB offset 306279288
11:20:45.750 Disk 0 scanning sectors +312576705
11:20:45.781 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
11:20:45.796 Disk 0 PE file @ sector 312576730 !
11:20:45.890 Disk 0 scanning C:\WINDOWS\system32\drivers
11:21:04.046 Service scanning
11:21:29.484 Modules scanning
11:21:46.812 Disk 0 trace - called modules:
11:21:46.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:21:46.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9f1ab8]
11:21:46.859 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a9dc940]
11:21:47.515 AVAST engine scan C:\WINDOWS
11:21:58.765 AVAST engine scan C:\WINDOWS\system32
11:26:56.437 AVAST engine scan C:\WINDOWS\system32\drivers
11:27:34.203 AVAST engine scan C:\Documents and Settings\Jerry
11:28:22.937 File: C:\Documents and Settings\Jerry\Application Data\qetpbr.dll **INFECTED** Win32:Medfos [Trj]
11:49:16.062 AVAST engine scan C:\Documents and Settings\All Users
12:02:25.484 Scan finished successfully
12:04:20.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jerry\Desktop\MBR.dat"
12:04:20.953 The log file has been saved successfully to "C:\Documents and Settings\Jerry\Desktop\aswMBR.txt"


OTL logfile created on: 7/21/2012 12:07:38 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.25% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.00 Gb Total Space | 109.96 Gb Free Space | 75.32% Space Free | Partition Type: NTFS

Computer Name: JERRYSLAPTOP | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 12:05:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
PRC - [2012/07/13 16:19:16 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/05/29 12:46:48 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/05/29 12:46:46 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/11/04 15:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/10/03 03:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/22 21:51:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/05/13 22:16:25 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 22:16:15 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2007/03/16 19:10:26 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/08 09:18:18 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/21 08:12:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/29 12:46:46 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/29 12:46:46 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/11/04 15:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/10/03 03:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/03 00:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/05/27 11:40:30 | 000,087,336 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/08/10 04:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 04:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\easytthr.sys -- (easytether)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Jerry\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/21 09:53:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/10/14 21:47:32 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/08/08 07:17:54 | 002,211,456 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/07 17:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/05/06 17:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/08/09 04:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 09:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 09:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 09:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 09:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 09:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 09:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 09:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 09:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 20:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 20:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\SearchScopes,DefaultScope = {94CBCD85-0206-41F8-91E5-4EAF9FCCE33D}
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS373
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\SearchScopes\{94CBCD85-0206-41F8-91E5-4EAF9FCCE33D}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/17 20:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/07/21 10:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 19:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/08 22:48:41 | 000,000,000 | ---D | M]

[2010/04/03 18:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Extensions
[2012/02/20 21:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\s5rcpthh.default\extensions
[2010/11/11 18:33:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\s5rcpthh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/05 11:36:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\s5rcpthh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/05 11:36:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\s5rcpthh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/20 21:21:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\s5rcpthh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 21:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 21:31:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/07/04 17:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/07/04 17:14:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/20 21:21:16 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S5RCPTHH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/07/21 10:19:24 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/07/17 20:23:53 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/09 21:33:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/10/03 03:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/09 21:33:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 21:28:06 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/09 21:33:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.60818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/04/03 13:26:30 | 000,001,106 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120627192752.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1060284298-2077806209-725345543-1004..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341203260132 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F8292A-8B3F-46D4-BAF0-1A446A4FCEFB}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\analogrec9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\billmind.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\creator9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dellwmgr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\disccopier9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\discimageloader9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dmx.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dvdinfo.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dvdmusicassistant9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\lctaskassistant9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\lpandtapeassistant9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mediacapture9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mediamanager9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\musicdisccreator9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mydvd9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photosuite9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pictureviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\qbw32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\qbw32pro.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\quickenolbackuplauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\quicktimeplayer.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\qw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\retrieve9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\romlauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\roxwizardlauncher9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\rxbackup9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\rxlabelcreator9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sbewin32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\softwareupdate.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\soundedit9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\videowave9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/27 15:02:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\Shell - "" = AutoRun
O33 - MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\Shell - "" = AutoRun
O33 - MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\Shell - "" = AutoRun
O33 - MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 12:05:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2012/07/21 10:52:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jerry\Desktop\aswMBR.exe
[2012/07/21 10:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/07/21 09:53:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/07/21 09:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Desktop\RK_Quarantine
[2012/07/21 08:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Start Menu\Programs\Live Security Platinum
[2012/07/21 08:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329
[2012/07/21 08:51:39 | 000,142,848 | -HS- | C] (DT Soft Ltd) -- C:\Documents and Settings\Jerry\Application Data\wmatsk.dll
[2011/09/27 08:05:12 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jerry\gotomypc_626.exe
[2011/02/21 22:09:55 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jerry\gotomypc_540.exe
[2010/04/18 21:32:34 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jerry\gotomypc_437.exe

========== Files - Modified Within 30 Days ==========

[2012/07/21 12:12:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/21 12:09:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3FA497D-A117-4C9A-815F-46C72D805233}.job
[2012/07/21 12:05:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2012/07/21 12:04:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\MBR.dat
[2012/07/21 11:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 10:52:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jerry\Desktop\aswMBR.exe
[2012/07/21 10:20:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2012/07/21 10:16:13 | 000,079,491 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/07/21 10:16:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 10:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/21 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/07/21 09:53:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/07/21 09:20:54 | 001,552,384 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\RogueKiller.exe
[2012/07/21 08:59:00 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\mbam.context.scan
[2012/07/21 08:52:40 | 000,419,328 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\qetpbr.dll
[2012/07/21 08:51:25 | 000,142,848 | -HS- | M] (DT Soft Ltd) -- C:\Documents and Settings\Jerry\Application Data\wmatsk.dll
[2012/07/21 07:56:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/19 21:25:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/07/19 20:40:01 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/07/15 14:20:48 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/07/12 22:34:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/10 22:10:11 | 000,465,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/10 22:10:11 | 000,079,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/04 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/07/03 22:23:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/01 21:49:36 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Microsoft Office Outlook.lnk
[2012/06/24 22:31:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/22 21:38:32 | 000,424,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/21 12:04:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jerry\Desktop\MBR.dat
[2012/07/21 10:20:48 | 001,552,384 | ---- | C] () -- C:\Documents and Settings\Jerry\Desktop\RogueKiller.exe
[2012/07/21 09:06:35 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\L\[email protected]
[2012/07/21 08:58:47 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Jerry\Application Data\mbam.context.scan
[2012/07/21 08:52:37 | 000,419,328 | ---- | C] () -- C:\Documents and Settings\Jerry\Application Data\qetpbr.dll
[2012/07/21 08:00:51 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/15 14:20:48 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/05/13 22:21:25 | 000,534,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/16 22:13:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/15 21:52:55 | 000,098,356 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/14 21:47:32 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/05/30 11:50:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/31 13:25:23 | 000,000,482 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2010/04/03 22:13:32 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 21:29:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jerry\Application Data\wklnhst.dat
[2010/03/30 01:34:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\fusioncache.dat
[2004/08/04 04:00:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\@
[2004/08/04 04:00:00 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\@

========== LOP Check ==========

[2012/07/21 08:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329
[2012/06/08 18:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/07/17 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/07/04 21:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/08/22 14:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\motorola
[2011/05/30 11:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/03/29 21:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/30 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/06/08 18:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/06/08 18:45:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/04/06 21:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/07 19:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\ActiHealth
[2010/05/23 22:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\Backup MyPC
[2011/01/29 23:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/17 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\HotSync
[2010/05/29 11:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\iolo
[2010/12/31 13:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\iScreensaver
[2010/07/17 18:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\Leadertech
[2010/08/22 14:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\motorola
[2012/06/08 18:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\TuneUp Software
[2010/03/29 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\WeatherBug
[2010/04/03 11:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\Windows Desktop Search
[2010/04/03 13:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry\Application Data\Windows Search
[2011/04/30 15:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/06/17 08:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2012/07/21 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/07/19 20:40:01 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/07/19 21:25:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/07/04 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/07/21 12:09:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E3FA497D-A117-4C9A-815F-46C72D805233}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 04:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/04/03 23:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2005/06/29 14:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2008\Components\Services\services.css
[2010/09/22 19:33:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.INI >
[2010/09/22 19:33:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.LNK >
[2010/05/23 21:07:47 | 000,001,602 | ---- | M] () MD5=48BA88598635BE2FF011EBBA75B4B003 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 04:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.TICO >
[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files\TuneUp Utilities 2012\data\services.tico

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jerry\My Documents\WBP, Inc April 07 Commissions.rtf:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jerry\My Documents\updates:Roxio EMC Stream

< End of report >



Thanks!
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    [2011/11/09 21:31:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
    [2011/10/03 03:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    O3 - HKU\S-1-5-21-1060284298-2077806209-725345543-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O27 - HKLM IFEO\analogrec9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\billmind.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\creator9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\dellwmgr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\disccopier9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\discimageloader9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\dmx.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\dvdinfo.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\dvdmusicassistant9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\lctaskassistant9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\lpandtapeassistant9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\mediacapture9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\mediamanager9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\musicdisccreator9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\mydvd9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\photosuite9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\pictureviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\qbw32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\qbw32pro.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\quickenolbackuplauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\quicktimeplayer.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\qw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\retrieve9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\romlauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\roxwizardlauncher9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\rxbackup9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\rxlabelcreator9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\sbewin32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\softwareupdate.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\soundedit9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\videowave9.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O33 - MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\Shell - "" = AutoRun
    O33 - MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\Shell - "" = AutoRun
    O33 - MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\Shell - "" = AutoRun
    O33 - MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    [2012/07/21 08:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Start Menu\Programs\Live Security Platinum
    [2012/07/21 08:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329
    [2012/07/21 08:51:39 | 000,142,848 | -HS- | C] (DT Soft Ltd) -- C:\Documents and Settings\Jerry\Application Data\wmatsk.dll
    [2012/07/21 08:52:40 | 000,419,328 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\qetpbr.dll
    [2012/07/21 08:51:25 | 000,142,848 | -HS- | M] (DT Soft Ltd) -- C:\Documents and Settings\Jerry\Application Data\wmatsk.dll
    
    
    :files
    ipconfig /flushdns /c
    C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}
    C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}
    C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}
    C:\WINDOWS\Tasks\At*.job
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct, so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



After the run you may have internet problems or problems accessing something. Simply reboot the computer.



Step 3.

Please post:

OTL fix log
ComboFix.txt



Also please update me on how your computer is running.
  • 0
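The fix script above removes O27 (Image File Execution Options "Debugger") entries and O33 (MountPoints2 AutoRun) commands, and the OTL log earlier in the thread lists MD5s for several copies of svchost.exe, userinit.exe and winlogon.exe. As an added example, not OTL's code and not CompCav's script, here is a small Python triage helper that parses those three kinds of line from a constructed sample modelled on this thread's log and reports what a log reviewer otherwise checks by eye: a Windows system file whose own copies (system32, dllcache, ServicePackFiles) no longer share one hash, a Windows copy with no vendor information, IFEO redirections grouped by the debugger they point to, and removable-drive AutoRun commands. The sample's system32\svchost.exe hash is an all-zero placeholder, not a real hash, so that the mismatch check has something to find; the other hashes and paths are the ones from this thread.

```python
"""Triage checks for OTL-style log lines (added example; not OTL's own code).

Reports, from the "< MD5 for: NAME >" blocks and the O27 / O33 lines:
  * a Windows system file whose copies in system32 / dllcache /
    ServicePackFiles no longer share a single MD5;
  * Windows copies whose vendor field is empty;
  * IFEO "Debugger" redirections (O27), grouped by debugger;
  * MountPoints2 AutoRun commands (O33).
"""
import re
from collections import defaultdict

# Constructed sample modelled on the thread's log.  The system32\svchost.exe
# hash is an all-zero placeholder (not a real hash) so the check has a hit.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

O27 - HKLM IFEO\billmind.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\qw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_RE = re.compile(
    r"^\[[^|]*\|\s*[\d,]+\s*\|[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
IFEO_RE = re.compile(
    r"^O27 - HKLM IFEO\\(?P<target>.+?): Debugger - (?P<debugger>.+?)"
    r"(?: \((?P<vendor>[^)]*)\))?\s*$"
)
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>.+?)\\Shell\\AutoRun\\command - "" = (?P<command>.+?)\s*$'
)

# Path fragments identifying the copies Windows itself keeps of a system file.
WINDOWS_COPY_DIRS = ("\\windows\\system32\\", "\\windows\\servicepackfiles\\")


def parse_otl(text):
    """One pass over the log; returns (md5_sections, ifeo_entries, autorun_entries)."""
    md5_sections = defaultdict(list)
    ifeo, autorun = [], []
    current = None                      # name of the "< MD5 for: ... >" block we are in
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None              # a blank line closes an MD5 block
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group("name").lower()
        elif current and (m := MD5_RE.match(line)):
            md5_sections[current].append(
                {"path": m.group("path"), "md5": m.group("md5").upper(),
                 "vendor": m.group("vendor").strip()})
        elif (m := IFEO_RE.match(line)):
            ifeo.append((m.group("target").lower(), m.group("debugger"),
                         (m.group("vendor") or "").strip()))
        elif (m := AUTORUN_RE.match(line)):
            autorun.append((m.group("mount"), m.group("command")))
    return md5_sections, ifeo, autorun


def windows_copies(entries):
    return [e for e in entries
            if any(d in e["path"].lower() for d in WINDOWS_COPY_DIRS)]


def hash_mismatches(md5_sections):
    """{file name: sorted distinct hashes} where Windows' own copies disagree.
    Same-named files outside the Windows directories (here the Chameleon decoy)
    are ignored: they are expected to differ and say nothing about system32."""
    out = {}
    for name, entries in md5_sections.items():
        hashes = sorted({e["md5"] for e in windows_copies(entries)})
        if len(hashes) > 1:
            out[name] = hashes
    return out


def unversioned_windows_files(md5_sections):
    """Windows copies whose vendor field is empty: worth a second look."""
    return [e["path"] for entries in md5_sections.values()
            for e in windows_copies(entries) if not e["vendor"]]


def ifeo_by_debugger(ifeo):
    """Group O27 targets by the (debugger, vendor) they are redirected to."""
    grouped = defaultdict(list)
    for target, debugger, vendor in ifeo:
        grouped[(debugger, vendor)].append(target)
    return dict(grouped)


def triage(text):
    md5_sections, ifeo, autorun = parse_otl(text)
    return {
        "hash_mismatches": hash_mismatches(md5_sections),
        "unversioned_windows_files": unversioned_windows_files(md5_sections),
        "ifeo": ifeo,
        "ifeo_by_debugger": ifeo_by_debugger(ifeo),
        "autorun_commands": autorun,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run stand-alone it prints one line per finding group. In this thread every O27 entry points at TuneUp's TUAutoReactivator32.exe and the AutoRun command at a U3 flash-drive launcher, which is why they are cleanup items rather than infection indicators; the helper still lists them because IFEO Debugger values and MountPoints2 commands are exactly the places a log reviewer has to look at every time, and grouping by debugger makes a single unexpected target stand out among dozens of legitimate ones.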

#5
JKB6125

JKB6125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 12-07-21.01 - Jerry 07/21/2012 16:47:58.1.2 - x86
Running from: c:\documents and settings\Jerry\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329
c:\documents and settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329\036DFF86004E365406391B3F7B07D329
c:\documents and settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329\036DFF86004E365406391B3F7B07D329.exe
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\Jerry\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1500 .MRK
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 22:22 . 2012-07-21 22:22 -------- d-----w- C:\_OTL
2012-07-21 15:53 . 2012-07-21 15:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-28 01:27 . 2012-05-25 23:09 29312 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 14:12 . 2012-04-07 03:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 14:12 . 2011-05-16 02:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 23:35 . 2009-08-07 02:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 21:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2010-03-27 21:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2010-03-27 21:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2010-03-27 21:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2010-03-27 21:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2010-03-27 21:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2010-03-27 21:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2010-03-27 21:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 21:18 . 2010-03-30 03:02 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 21:18 . 2010-03-30 03:02 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-29 18:46 . 2012-06-09 00:47 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 18:46 . 2012-06-09 00:49 29024 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2012-01-12 16:53 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2012-02-17 04:13 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-03-27 20:58 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-11-10 03:33 . 2011-07-04 23:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 20:01 . 2011-01-16 19:17 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NVHotkey"="nvHotkey.dll" [2007-05-12 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
backup=c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
backup=c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 07:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 03:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-08-14 07:07 102400 ----a-w- c:\program files\Roxio\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 03:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-09-30 10:17 2215768 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 11:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 21:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-12 05:57 8429568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 22:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 02:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 18:10 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 19:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\Office12\OUTLOOK.EXE /recycle
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"nwiz"=nwiz.exe /installquiet
"SigmatelSysTrayApp"=stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [x]
R4 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:12]
.
2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 15:38]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 15:38]
.
2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{E3FA497D-A117-4C9A-815F-46C72D805233}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\documents and settings\Jerry\Application Data\Mozilla\Firefox\Profiles\s5rcpthh.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-EasyTether - c:\program files\Mobile Stream\EasyTether\easytthr.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 16:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(324)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-07-21 16:53:44
ComboFix-quarantined-files.txt 2012-07-21 22:53
.
Pre-Run: 118,584,926,208 bytes free
Post-Run: 118,524,854,272 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8C09107DB3F34E19297ECCAA30187EBC


All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\analogrec9.exe\ deleted successfully.
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\billmind.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\creator9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dellwmgr.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\disccopier9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\discimageloader9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmx.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvdinfo.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvdmusicassistant9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lctaskassistant9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lpandtapeassistant9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mediacapture9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mediamanager9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mml.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmlupdate.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\musicdisccreator9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydvd9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosuite9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pictureviewer.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qbw32.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qbw32pro.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickenolbackuplauncher.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quicktimeplayer.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qw.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\retrieve9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\romlauncher.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\roxwizardlauncher9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rxbackup9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rxlabelcreator9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbewin32.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soundedit9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\videowave9.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16f9ed26-1edf-11e1-830e-001d09c1f06f}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1087788-39e9-11df-80ab-9020465017cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1087788-39e9-11df-80ab-9020465017cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1087788-39e9-11df-80ab-9020465017cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1087788-39e9-11df-80ab-9020465017cd}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d48f47f6-3e0c-11df-80cb-001d09c1f06f}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
C:\Documents and Settings\Jerry\Start Menu\Programs\Live Security Platinum folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\036DFF86004E365406391B3F7B07D329\ not found.
C:\Documents and Settings\Jerry\Application Data\wmatsk.dll moved successfully.
C:\Documents and Settings\Jerry\Application Data\qetpbr.dll moved successfully.
File C:\Documents and Settings\Jerry\Application Data\wmatsk.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jerry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jerry\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\U folder moved successfully.
C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\L folder moved successfully.
C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1} folder moved successfully.
C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\U folder moved successfully.
C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\L folder moved successfully.
Folder move failed. C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1} scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1} not found.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Intel

User: Jerry
->Temp folder emptied: 70450586 bytes
->Temporary Internet Files folder emptied: 28817336 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10625189 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 955 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 63334 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144702696 bytes

User: Pam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23272 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 92073671 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 38163978 bytes

Total Files Cleaned = 367.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.54.0 log created on 07212012_162212

Files\Folders moved on Reboot...
Folder move failed. C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1} scheduled to be moved on reboot.
C:\Documents and Settings\Jerry\Local Settings\Temp\~DFED57.tmp moved successfully.
File\Folder C:\Documents and Settings\Jerry\Local Settings\Temp\~DFED66.tmp not found!
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.Word\~WRF{96BD2212-CA72-4922-A4C3-1627B785648B}.tmp moved successfully.
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.Word\~WRS{5A72B91A-63C5-4ABC-B194-882E6B699528}.tmp moved successfully.

PendingFileRenameOperations files...
File C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1} not found!
File C:\Documents and Settings\Jerry\Local Settings\Temp\~DFED57.tmp not found!
File C:\Documents and Settings\Jerry\Local Settings\Temp\~DFED66.tmp not found!
File C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.Word\~WRF{96BD2212-CA72-4922-A4C3-1627B785648B}.tmp not found!
File C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.Word\~WRS{5A72B91A-63C5-4ABC-B194-882E6B699528}.tmp not found!

Registry entries deleted on Reboot...


Thanks!!!
  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#7
JKB6125

JKB6125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
18:25:12.0937 0704 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:25:13.0765 0704 ============================================================
18:25:13.0765 0704 Current date / time: 2012/07/21 18:25:13.0765
18:25:13.0765 0704 SystemInfo:
18:25:13.0765 0704
18:25:13.0765 0704 OS Version: 5.1.2600 ServicePack: 3.0
18:25:13.0765 0704 Product type: Workstation
18:25:13.0765 0704 ComputerName: JERRYSLAPTOP
18:25:13.0765 0704 UserName: Jerry
18:25:13.0765 0704 Windows directory: C:\WINDOWS
18:25:13.0765 0704 System windows directory: C:\WINDOWS
18:25:13.0765 0704 Processor architecture: Intel x86
18:25:13.0765 0704 Number of processors: 2
18:25:13.0765 0704 Page size: 0x1000
18:25:13.0765 0704 Boot type: Normal boot
18:25:13.0765 0704 ============================================================
18:25:16.0000 0704 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:25:16.0000 0704 ============================================================
18:25:16.0000 0704 \Device\Harddisk0\DR0:
18:25:16.0000 0704 MBR partitions:
18:25:16.0000 0704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x123FFAB3
18:25:16.0031 0704 ============================================================
18:25:16.0406 0704 C: <-> \Device\Harddisk0\DR0\Partition0
18:25:16.0406 0704 ============================================================
18:25:16.0406 0704 Initialize success
18:25:16.0406 0704 ============================================================
  • 0

#8
JKB6125

JKB6125

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
18:20:16.0125 1940 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:20:17.0171 1940 ============================================================
18:20:17.0171 1940 Current date / time: 2012/07/21 18:20:17.0171
18:20:17.0171 1940 SystemInfo:
18:20:17.0171 1940
18:20:17.0171 1940 OS Version: 5.1.2600 ServicePack: 3.0
18:20:17.0171 1940 Product type: Workstation
18:20:17.0171 1940 ComputerName: JERRYSLAPTOP
18:20:17.0171 1940 UserName: Jerry
18:20:17.0171 1940 Windows directory: C:\WINDOWS
18:20:17.0171 1940 System windows directory: C:\WINDOWS
18:20:17.0171 1940 Processor architecture: Intel x86
18:20:17.0171 1940 Number of processors: 2
18:20:17.0171 1940 Page size: 0x1000
18:20:17.0171 1940 Boot type: Normal boot
18:20:17.0171 1940 ============================================================
18:20:19.0656 1940 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:20:19.0656 1940 ============================================================
18:20:19.0656 1940 \Device\Harddisk0\DR0:
18:20:19.0656 1940 MBR partitions:
18:20:19.0656 1940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x123FFAB3
18:20:19.0687 1940 ============================================================
18:20:19.0765 1940 C: <-> \Device\Harddisk0\DR0\Partition0
18:20:19.0765 1940 ============================================================
18:20:19.0765 1940 Initialize success
18:20:19.0765 1940 ============================================================
18:20:46.0250 3152 ============================================================
18:20:46.0250 3152 Scan started
18:20:46.0250 3152 Mode: Manual; SigCheck; TDLFS;
18:20:46.0250 3152 ============================================================
18:20:46.0812 3152 Abiosdsk - ok
18:20:46.0812 3152 abp480n5 - ok
18:20:46.0828 3152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:20:48.0375 3152 ACPI - ok
18:20:48.0406 3152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:20:48.0546 3152 ACPIEC - ok
18:20:48.0640 3152 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:20:48.0671 3152 AdobeFlashPlayerUpdateSvc - ok
18:20:48.0671 3152 adpu160m - ok
18:20:48.0718 3152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:20:48.0828 3152 aec - ok
18:20:48.0875 3152 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:20:48.0953 3152 AFD - ok
18:20:48.0953 3152 Aha154x - ok
18:20:48.0968 3152 aic78u2 - ok
18:20:48.0968 3152 aic78xx - ok
18:20:48.0984 3152 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:20:49.0078 3152 Alerter - ok
18:20:49.0109 3152 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:20:49.0203 3152 ALG - ok
18:20:49.0203 3152 AliIde - ok
18:20:49.0203 3152 amsint - ok
18:20:49.0218 3152 androidusb - ok
18:20:49.0218 3152 AppMgmt - ok
18:20:49.0250 3152 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:20:49.0328 3152 Arp1394 - ok
18:20:49.0328 3152 asc - ok
18:20:49.0343 3152 asc3350p - ok
18:20:49.0343 3152 asc3550 - ok
18:20:49.0453 3152 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:20:49.0468 3152 aspnet_state - ok
18:20:49.0500 3152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:20:49.0593 3152 AsyncMac - ok
18:20:49.0640 3152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:20:49.0734 3152 atapi - ok
18:20:49.0734 3152 Atdisk - ok
18:20:49.0765 3152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:20:49.0859 3152 Atmarpc - ok
18:20:49.0921 3152 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:20:50.0015 3152 AudioSrv - ok
18:20:50.0062 3152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:20:50.0171 3152 audstub - ok
18:20:50.0218 3152 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:20:50.0265 3152 bcm4sbxp - ok
18:20:50.0312 3152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:20:50.0406 3152 Beep - ok
18:20:50.0484 3152 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:20:50.0703 3152 BITS - ok
18:20:50.0859 3152 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:20:50.0890 3152 Bonjour Service - ok
18:20:50.0953 3152 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:20:51.0046 3152 Browser - ok
18:20:51.0125 3152 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:20:51.0171 3152 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
18:20:51.0171 3152 BTKRNL - detected UnsignedFile.Multi.Generic (1)
18:20:51.0234 3152 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
18:20:51.0250 3152 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
18:20:51.0250 3152 BTSERIAL - detected UnsignedFile.Multi.Generic (1)
18:20:51.0281 3152 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:20:51.0312 3152 btwdins ( UnsignedFile.Multi.Generic ) - warning
18:20:51.0312 3152 btwdins - detected UnsignedFile.Multi.Generic (1)
18:20:51.0328 3152 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
18:20:51.0343 3152 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
18:20:51.0343 3152 BTWUSB - detected UnsignedFile.Multi.Generic (1)
18:20:51.0484 3152 catchme - ok
18:20:51.0593 3152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:20:51.0703 3152 cbidf2k - ok
18:20:51.0734 3152 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:20:51.0843 3152 CCDECODE - ok
18:20:51.0843 3152 cd20xrnt - ok
18:20:51.0890 3152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:20:52.0000 3152 Cdaudio - ok
18:20:52.0031 3152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:20:52.0125 3152 Cdfs - ok
18:20:52.0156 3152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:20:52.0234 3152 Cdrom - ok
18:20:52.0265 3152 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
18:20:52.0265 3152 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
18:20:52.0265 3152 cercsr6 - detected UnsignedFile.Multi.Generic (1)
18:20:52.0312 3152 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
18:20:52.0375 3152 cfwids - ok
18:20:52.0375 3152 Changer - ok
18:20:52.0390 3152 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:20:52.0484 3152 CiSvc - ok
18:20:52.0515 3152 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:20:52.0593 3152 ClipSrv - ok
18:20:52.0687 3152 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:52.0750 3152 clr_optimization_v2.0.50727_32 - ok
18:20:52.0781 3152 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:20:52.0875 3152 CmBatt - ok
18:20:52.0875 3152 CmdIde - ok
18:20:52.0890 3152 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:20:52.0984 3152 Compbatt - ok
18:20:53.0000 3152 COMSysApp - ok
18:20:53.0000 3152 Cpqarray - ok
18:20:53.0046 3152 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:20:53.0140 3152 CryptSvc - ok
18:20:53.0140 3152 dac2w2k - ok
18:20:53.0156 3152 dac960nt - ok
18:20:53.0218 3152 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:20:53.0312 3152 DcomLaunch - ok
18:20:53.0343 3152 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:20:53.0437 3152 Dhcp - ok
18:20:53.0468 3152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:20:53.0578 3152 Disk - ok
18:20:53.0656 3152 DLABMFSM (7a1e8f722479ef934d71798ac3617ed7) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
18:20:53.0671 3152 DLABMFSM - ok
18:20:53.0671 3152 DLABOIOM (2281b5c596c04645426b3771a3bd5657) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:20:53.0687 3152 DLABOIOM - ok
18:20:53.0703 3152 DLACDBHM (43749294a1d9f22fe164a62c1a42919d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:20:53.0718 3152 DLACDBHM - ok
18:20:53.0734 3152 DLADResM (54a3f9ebd1ddc975736f8e18a9b8fce9) C:\WINDOWS\system32\DLA\DLADResM.SYS
18:20:53.0734 3152 DLADResM - ok
18:20:53.0750 3152 DLAIFS_M (e0fbaf0146bfceec29f31f07452db4ad) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:20:53.0765 3152 DLAIFS_M - ok
18:20:53.0765 3152 DLAOPIOM (d3ce0c76496a5332032399639485774f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:20:53.0781 3152 DLAOPIOM - ok
18:20:53.0781 3152 DLAPoolM (fce1882364d4c324b937a841ef9c58ac) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:20:53.0796 3152 DLAPoolM - ok
18:20:53.0812 3152 DLARTL_M (14183a8eff683eb0c1774802578ed0f4) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
18:20:53.0812 3152 DLARTL_M - ok
18:20:53.0828 3152 DLAUDFAM (2ef8c92ab8411589387845f58534c7d9) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:20:53.0843 3152 DLAUDFAM - ok
18:20:53.0843 3152 DLAUDF_M (a2096fd7b5037085a3dc580e2891d2c4) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:20:53.0859 3152 DLAUDF_M - ok
18:20:53.0859 3152 dmadmin - ok
18:20:54.0031 3152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:20:54.0171 3152 dmboot - ok
18:20:54.0218 3152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:20:54.0312 3152 dmio - ok
18:20:54.0343 3152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:20:54.0437 3152 dmload - ok
18:20:54.0484 3152 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:20:54.0578 3152 dmserver - ok
18:20:54.0625 3152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:20:54.0734 3152 DMusic - ok
18:20:54.0781 3152 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:20:54.0859 3152 Dnscache - ok
18:20:54.0890 3152 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:20:55.0000 3152 Dot3svc - ok
18:20:55.0000 3152 dpti2o - ok
18:20:55.0046 3152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:20:55.0125 3152 drmkaud - ok
18:20:55.0187 3152 drvmcdb (1fb11e1eac27668754fd18a079cccfb3) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:20:55.0203 3152 drvmcdb - ok
18:20:55.0203 3152 DRVNDDM (9628dfa16b1a47615c65318f8776f233) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:20:55.0218 3152 DRVNDDM - ok
18:20:55.0250 3152 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:20:55.0343 3152 EapHost - ok
18:20:55.0343 3152 easytether - ok
18:20:55.0390 3152 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:20:55.0468 3152 ERSvc - ok
18:20:55.0531 3152 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:20:55.0578 3152 Eventlog - ok
18:20:55.0656 3152 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:20:55.0703 3152 EventSystem - ok
18:20:55.0734 3152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:20:55.0890 3152 Fastfat - ok
18:20:55.0953 3152 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:20:56.0015 3152 FastUserSwitchingCompatibility - ok
18:20:56.0046 3152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:20:56.0156 3152 Fdc - ok
18:20:56.0203 3152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:20:56.0296 3152 Fips - ok
18:20:56.0296 3152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:20:56.0390 3152 Flpydisk - ok
18:20:56.0406 3152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:20:56.0500 3152 FltMgr - ok
18:20:56.0687 3152 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:56.0687 3152 FontCache3.0.0.0 - ok
18:20:56.0734 3152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:20:56.0828 3152 Fs_Rec - ok
18:20:56.0843 3152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:20:56.0937 3152 Ftdisk - ok
18:20:56.0984 3152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:20:57.0000 3152 GEARAspiWDM - ok
18:20:57.0062 3152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:20:57.0156 3152 Gpc - ok
18:20:57.0250 3152 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:57.0265 3152 gupdate - ok
18:20:57.0265 3152 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:57.0281 3152 gupdatem - ok
18:20:57.0312 3152 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:20:57.0328 3152 gusvc - ok
18:20:57.0343 3152 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:20:57.0437 3152 HDAudBus - ok
18:20:57.0562 3152 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:20:57.0656 3152 helpsvc - ok
18:20:57.0687 3152 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:20:57.0796 3152 HidServ - ok
18:20:57.0843 3152 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:20:57.0937 3152 hidusb - ok
18:20:57.0968 3152 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:20:58.0078 3152 hkmsvc - ok
18:20:58.0093 3152 hpn - ok
18:20:58.0093 3152 HSFHWAZL - ok
18:20:58.0093 3152 HSF_DPV - ok
18:20:58.0171 3152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:20:58.0218 3152 HTTP - ok
18:20:58.0250 3152 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:20:58.0343 3152 HTTPFilter - ok
18:20:58.0343 3152 i2omgmt - ok
18:20:58.0343 3152 i2omp - ok
18:20:58.0390 3152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:20:58.0484 3152 i8042prt - ok
18:20:58.0656 3152 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:20:58.0687 3152 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:20:58.0687 3152 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:20:58.0781 3152 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:58.0843 3152 idsvc - ok
18:20:58.0875 3152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:20:58.0968 3152 Imapi - ok
18:20:59.0015 3152 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:20:59.0125 3152 ImapiService - ok
18:20:59.0156 3152 ini910u - ok
18:20:59.0156 3152 IntelIde - ok
18:20:59.0218 3152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:20:59.0296 3152 intelppm - ok
18:20:59.0328 3152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:20:59.0437 3152 Ip6Fw - ok
18:20:59.0484 3152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:20:59.0562 3152 IpFilterDriver - ok
18:20:59.0578 3152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:20:59.0687 3152 IpInIp - ok
18:20:59.0718 3152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:20:59.0812 3152 IpNat - ok
18:20:59.0937 3152 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
18:21:00.0000 3152 iPod Service - ok
18:21:00.0031 3152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:21:00.0125 3152 IPSec - ok
18:21:00.0156 3152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:21:00.0265 3152 IRENUM - ok
18:21:00.0281 3152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:21:00.0375 3152 isapnp - ok
18:21:00.0437 3152 JavaQuickStarterService (92e16f5d034e7864da308ba6309a98b7) C:\Program Files\Java\jre7\bin\jqs.exe
18:21:00.0453 3152 JavaQuickStarterService - ok
18:21:00.0515 3152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:21:00.0609 3152 Kbdclass - ok
18:21:00.0640 3152 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:21:00.0718 3152 kbdhid - ok
18:21:00.0765 3152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:21:00.0875 3152 kmixer - ok
18:21:00.0906 3152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:21:01.0000 3152 KSecDD - ok
18:21:01.0046 3152 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:21:01.0078 3152 lanmanserver - ok
18:21:01.0125 3152 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:21:01.0171 3152 lanmanworkstation - ok
18:21:01.0171 3152 lbrtfdc - ok
18:21:01.0218 3152 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:21:01.0312 3152 LmHosts - ok
18:21:01.0343 3152 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:21:01.0359 3152 MBAMSwissArmy - ok
18:21:01.0468 3152 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0484 3152 McAfee SiteAdvisor Service - ok
18:21:01.0562 3152 McComponentHostService (fd3ad5e1ecdaa94a89d6697f5c5465d6) C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
18:21:01.0578 3152 McComponentHostService - ok
18:21:01.0578 3152 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0593 3152 McMPFSvc - ok
18:21:01.0609 3152 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0625 3152 mcmscsvc - ok
18:21:01.0625 3152 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0640 3152 McNaiAnn - ok
18:21:01.0640 3152 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0656 3152 McNASvc - ok
18:21:01.0781 3152 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
18:21:01.0812 3152 McODS - ok
18:21:01.0812 3152 McOobeSv (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0828 3152 McOobeSv - ok
18:21:01.0828 3152 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:01.0843 3152 McProxy - ok
18:21:01.0890 3152 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:21:01.0906 3152 McShield - ok
18:21:01.0921 3152 mdmxsdk - ok
18:21:01.0953 3152 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:21:02.0046 3152 Messenger - ok
18:21:02.0093 3152 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
18:21:02.0109 3152 mfeapfk - ok
18:21:02.0125 3152 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
18:21:02.0140 3152 mfeavfk - ok
18:21:02.0140 3152 mfeavfk01 - ok
18:21:02.0140 3152 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
18:21:02.0156 3152 mfebopk - ok
18:21:02.0171 3152 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:21:02.0187 3152 mfefire - ok
18:21:02.0218 3152 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
18:21:02.0234 3152 mfefirek - ok
18:21:02.0281 3152 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
18:21:02.0312 3152 mfehidk - ok
18:21:02.0343 3152 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:21:02.0359 3152 mfendisk - ok
18:21:02.0359 3152 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:21:02.0375 3152 mfendiskmp - ok
18:21:02.0406 3152 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
18:21:02.0437 3152 mferkdet - ok
18:21:02.0453 3152 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
18:21:02.0468 3152 mfetdi2k - ok
18:21:02.0515 3152 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\WINDOWS\system32\mfevtps.exe
18:21:02.0531 3152 mfevtp - ok
18:21:02.0593 3152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:21:02.0687 3152 mnmdd - ok
18:21:02.0703 3152 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:21:02.0781 3152 mnmsrvc - ok
18:21:02.0828 3152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:21:02.0906 3152 Modem - ok
18:21:02.0921 3152 motandroidusb - ok
18:21:02.0937 3152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:21:03.0062 3152 Mouclass - ok
18:21:03.0109 3152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:21:03.0234 3152 mouhid - ok
18:21:03.0250 3152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:21:03.0328 3152 MountMgr - ok
18:21:03.0328 3152 mraid35x - ok
18:21:03.0359 3152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:21:03.0437 3152 MRxDAV - ok
18:21:03.0531 3152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:21:03.0640 3152 MRxSmb - ok
18:21:03.0703 3152 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:21:03.0796 3152 MSDTC - ok
18:21:03.0828 3152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:21:03.0937 3152 Msfs - ok
18:21:03.0937 3152 MSIServer - ok
18:21:04.0062 3152 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:21:04.0078 3152 MSK80Service - ok
18:21:04.0109 3152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:21:04.0187 3152 MSKSSRV - ok
18:21:04.0218 3152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:21:04.0328 3152 MSPCLOCK - ok
18:21:04.0359 3152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:21:04.0453 3152 MSPQM - ok
18:21:04.0468 3152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:21:04.0562 3152 mssmbios - ok
18:21:04.0593 3152 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:21:04.0687 3152 MSTEE - ok
18:21:04.0734 3152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:21:04.0812 3152 Mup - ok
18:21:04.0828 3152 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:21:04.0953 3152 NABTSFEC - ok
18:21:04.0984 3152 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:21:05.0093 3152 napagent - ok
18:21:05.0125 3152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:21:05.0218 3152 NDIS - ok
18:21:05.0250 3152 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:21:05.0390 3152 NdisIP - ok
18:21:05.0437 3152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:21:05.0500 3152 NdisTapi - ok
18:21:05.0531 3152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:21:05.0640 3152 Ndisuio - ok
18:21:05.0656 3152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:21:05.0781 3152 NdisWan - ok
18:21:05.0843 3152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:21:05.0921 3152 NDProxy - ok
18:21:05.0968 3152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:21:06.0078 3152 NetBIOS - ok
18:21:06.0125 3152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:21:06.0218 3152 NetBT - ok
18:21:06.0281 3152 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:21:06.0375 3152 NetDDE - ok
18:21:06.0375 3152 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:21:06.0453 3152 NetDDEdsdm - ok
18:21:06.0500 3152 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:21:06.0593 3152 Netlogon - ok
18:21:06.0687 3152 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:21:06.0781 3152 Netman - ok
18:21:06.0968 3152 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:21:07.0015 3152 NetTcpPortSharing - ok
18:21:07.0234 3152 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
18:21:07.0468 3152 NETw4x32 - ok
18:21:07.0656 3152 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:21:07.0750 3152 NIC1394 - ok
18:21:07.0796 3152 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:21:07.0828 3152 Nla - ok
18:21:07.0843 3152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:21:07.0953 3152 Npfs - ok
18:21:08.0031 3152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:21:08.0187 3152 Ntfs - ok
18:21:08.0265 3152 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:21:08.0343 3152 NtLmSsp - ok
18:21:08.0390 3152 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:21:08.0546 3152 NtmsSvc - ok
18:21:08.0593 3152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:21:08.0703 3152 Null - ok
18:21:09.0078 3152 nv (e531eaa795a273fc70c9de3f195069c8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:21:09.0484 3152 nv - ok
18:21:09.0718 3152 NVSvc (0ac27b53a34dc9e76f61da7a74f546c6) C:\WINDOWS\system32\nvsvc32.exe
18:21:09.0781 3152 NVSvc - ok
18:21:09.0828 3152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:21:10.0046 3152 NwlnkFlt - ok
18:21:10.0062 3152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:21:10.0171 3152 NwlnkFwd - ok
18:21:10.0375 3152 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:21:10.0406 3152 odserv - ok
18:21:10.0468 3152 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM02Afx.sys
18:21:10.0546 3152 OEM02Afx - ok
18:21:10.0593 3152 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys
18:21:10.0609 3152 OEM02Dev - ok
18:21:10.0640 3152 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys
18:21:10.0671 3152 OEM02Vfx - ok
18:21:10.0734 3152 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:21:10.0843 3152 ohci1394 - ok
18:21:10.0875 3152 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:10.0890 3152 ose - ok
18:21:10.0906 3152 PalmUSBD - ok
18:21:10.0937 3152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:21:11.0031 3152 Parport - ok
18:21:11.0031 3152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:21:11.0140 3152 PartMgr - ok
18:21:11.0187 3152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:21:11.0281 3152 ParVdm - ok
18:21:11.0296 3152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:21:11.0375 3152 PCI - ok
18:21:11.0375 3152 PCIDump - ok
18:21:11.0406 3152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:21:11.0484 3152 PCIIde - ok
18:21:11.0500 3152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:21:11.0609 3152 Pcmcia - ok
18:21:11.0609 3152 PDCOMP - ok
18:21:11.0609 3152 PDFRAME - ok
18:21:11.0609 3152 PDRELI - ok
18:21:11.0609 3152 PDRFRAME - ok
18:21:11.0625 3152 perc2 - ok
18:21:11.0625 3152 perc2hib - ok
18:21:11.0687 3152 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:21:11.0718 3152 PlugPlay - ok
18:21:11.0765 3152 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
18:21:11.0781 3152 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:21:11.0781 3152 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:21:11.0812 3152 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:21:11.0890 3152 PolicyAgent - ok
18:21:11.0937 3152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:21:12.0031 3152 PptpMiniport - ok
18:21:12.0031 3152 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:21:12.0109 3152 ProtectedStorage - ok
18:21:12.0125 3152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:21:12.0203 3152 PSched - ok
18:21:12.0250 3152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:21:12.0343 3152 Ptilink - ok
18:21:12.0375 3152 PuranDefrag (d9495810ec4efd4ca906c1ccd494b895) C:\WINDOWS\system32\PuranDefragS.exe
18:21:12.0406 3152 PuranDefrag ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0406 3152 PuranDefrag - detected UnsignedFile.Multi.Generic (1)
18:21:12.0468 3152 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:21:12.0484 3152 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0484 3152 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:21:12.0593 3152 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:21:12.0609 3152 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0609 3152 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
18:21:12.0671 3152 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:21:12.0671 3152 QBFCService ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0671 3152 QBFCService - detected UnsignedFile.Multi.Generic (1)
18:21:12.0812 3152 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
18:21:12.0984 3152 QBVSS ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0984 3152 QBVSS - detected UnsignedFile.Multi.Generic (1)
18:21:13.0125 3152 ql1080 - ok
18:21:13.0140 3152 Ql10wnt - ok
18:21:13.0140 3152 ql12160 - ok
18:21:13.0156 3152 ql1240 - ok
18:21:13.0156 3152 ql1280 - ok
18:21:13.0171 3152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:21:13.0343 3152 RasAcd - ok
18:21:13.0375 3152 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:21:13.0484 3152 RasAuto - ok
18:21:13.0531 3152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:21:13.0625 3152 Rasl2tp - ok
18:21:13.0687 3152 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:21:13.0781 3152 RasMan - ok
18:21:13.0781 3152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:21:13.0875 3152 RasPppoe - ok
18:21:13.0890 3152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:21:14.0000 3152 Raspti - ok
18:21:14.0031 3152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:21:14.0125 3152 Rdbss - ok
18:21:14.0125 3152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:21:14.0218 3152 RDPCDD - ok
18:21:14.0281 3152 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:21:14.0359 3152 RDPWD - ok
18:21:14.0406 3152 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:21:14.0484 3152 RDSessMgr - ok
18:21:14.0515 3152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:21:14.0593 3152 redbook - ok
18:21:14.0656 3152 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:21:14.0750 3152 RemoteAccess - ok
18:21:14.0796 3152 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:21:14.0859 3152 rimmptsk - ok
18:21:14.0859 3152 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
18:21:14.0921 3152 rimsptsk - ok
18:21:14.0921 3152 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
18:21:15.0000 3152 rismxdp - ok
18:21:15.0109 3152 Roxio UPnP Renderer 9 (a189a928896f240fe5247be60623fc07) C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
18:21:15.0140 3152 Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - warning
18:21:15.0140 3152 Roxio UPnP Renderer 9 - detected UnsignedFile.Multi.Generic (1)
18:21:15.0171 3152 Roxio Upnp Server 9 (fdd632f943f2650ee7928ff6841cb6b2) C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
18:21:15.0203 3152 Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - warning
18:21:15.0203 3152 Roxio Upnp Server 9 - detected UnsignedFile.Multi.Generic (1)
18:21:15.0312 3152 RoxLiveShare9 (a6a0c81e275ae2eba46dde1216a9e557) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
18:21:15.0343 3152 RoxLiveShare9 ( UnsignedFile.Multi.Generic ) - warning
18:21:15.0343 3152 RoxLiveShare9 - detected UnsignedFile.Multi.Generic (1)
18:21:15.0453 3152 RoxMediaDB9 (b3868bb4948d1f6579fa1906c038424e) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:21:15.0750 3152 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
18:21:15.0750 3152 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
18:21:15.0812 3152 RoxWatch9 (3c2449d45aede29b06050557efa2f5e1) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:21:15.0843 3152 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
18:21:15.0843 3152 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
18:21:16.0015 3152 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:21:16.0125 3152 RpcLocator - ok
18:21:16.0250 3152 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:21:16.0312 3152 RpcSs - ok
18:21:16.0375 3152 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:21:16.0468 3152 RSVP - ok
18:21:16.0578 3152 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
18:21:16.0671 3152 RT73 ( UnsignedFile.Multi.Generic ) - warning
18:21:16.0671 3152 RT73 - detected UnsignedFile.Multi.Generic (1)
18:21:16.0734 3152 RxFilter (78f204f3a885de987d41b12f9bb8dffb) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
18:21:16.0781 3152 RxFilter ( UnsignedFile.Multi.Generic ) - warning
18:21:16.0781 3152 RxFilter - detected UnsignedFile.Multi.Generic (1)
18:21:16.0828 3152 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:21:16.0906 3152 SamSs - ok
18:21:17.0000 3152 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:21:17.0156 3152 SCardSvr - ok
18:21:17.0203 3152 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:21:17.0343 3152 Schedule - ok
18:21:17.0390 3152 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:21:17.0500 3152 sdbus - ok
18:21:17.0515 3152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:21:17.0593 3152 Secdrv - ok
18:21:17.0640 3152 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:21:17.0734 3152 seclogon - ok
18:21:17.0765 3152 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:21:17.0843 3152 SENS - ok
18:21:17.0859 3152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:21:17.0953 3152 Serial - ok
18:21:17.0984 3152 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:21:18.0093 3152 sffdisk - ok
18:21:18.0093 3152 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:21:18.0171 3152 sffp_sd - ok
18:21:18.0203 3152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:21:18.0296 3152 Sfloppy - ok
18:21:18.0359 3152 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:21:18.0484 3152 SharedAccess - ok
18:21:18.0546 3152 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:21:18.0578 3152 ShellHWDetection - ok
18:21:18.0578 3152 Simbad - ok
18:21:18.0656 3152 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:21:18.0765 3152 SLIP - ok
18:21:18.0765 3152 Sparrow - ok
18:21:18.0812 3152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:21:18.0906 3152 splitter - ok
18:21:18.0968 3152 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:21:19.0031 3152 Spooler - ok
18:21:19.0078 3152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:21:19.0187 3152 sr - ok
18:21:19.0234 3152 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:21:19.0328 3152 srservice - ok
18:21:19.0390 3152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:21:19.0515 3152 Srv - ok
18:21:19.0546 3152 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:21:19.0703 3152 SSDPSRV - ok
18:21:19.0843 3152 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys
18:21:20.0000 3152 STHDA - ok
18:21:20.0062 3152 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:21:20.0218 3152 StillCam - ok
18:21:20.0359 3152 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:21:20.0468 3152 stisvc - ok
18:21:20.0625 3152 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:21:20.0687 3152 stllssvr ( UnsignedFile.Multi.Generic ) - warning
18:21:20.0687 3152 stllssvr - detected UnsignedFile.Multi.Generic (1)
18:21:20.0750 3152 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:21:20.0843 3152 streamip - ok
18:21:20.0890 3152 SWDUMon (ab7f6435b3dc381919c3e2cb4d94c7fb) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
18:21:20.0906 3152 SWDUMon - ok
18:21:20.0921 3152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:21:21.0015 3152 swenum - ok
18:21:21.0078 3152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:21:21.0171 3152 swmidi - ok
18:21:21.0187 3152 SwPrv - ok
18:21:21.0187 3152 symc810 - ok
18:21:21.0187 3152 symc8xx - ok
18:21:21.0187 3152 sym_hi - ok
18:21:21.0187 3152 sym_u3 - ok
18:21:21.0296 3152 SynTP (dc1e7ee0a6494cd79d624bd8d5da8bfb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:21:21.0390 3152 SynTP - ok
18:21:21.0468 3152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:21:21.0562 3152 sysaudio - ok
18:21:21.0593 3152 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:21:21.0734 3152 SysmonLog - ok
18:21:21.0921 3152 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:21:22.0031 3152 TapiSrv - ok
18:21:22.0109 3152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:21:22.0156 3152 Tcpip - ok
18:21:22.0187 3152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:21:22.0296 3152 TDPIPE - ok
18:21:22.0328 3152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:21:22.0421 3152 TDTCP - ok
18:21:22.0453 3152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:21:22.0546 3152 TermDD - ok
18:21:22.0671 3152 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:21:22.0781 3152 TermService - ok
18:21:22.0843 3152 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:21:22.0859 3152 Themes - ok
18:21:22.0859 3152 TosIde - ok
18:21:22.0890 3152 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:21:22.0984 3152 TrkWks - ok
18:21:23.0250 3152 TuneUp.UtilitiesSvc (67f888f5379cffca30878c8a57adf156) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
18:21:23.0328 3152 TuneUp.UtilitiesSvc - ok
18:21:23.0359 3152 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
18:21:23.0375 3152 TuneUpUtilitiesDrv - ok
18:21:23.0515 3152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:21:28.0703 3152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:21:28.0734 3152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:21:28.0734 3152 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:21:28.0875 3152 Boot (0x1200) (6921abe33b957f04f0c5e1ecd8b18e6d) \Device\Harddisk0\DR0\Partition0
18:21:28.0875 3152 \Device\Harddisk0\DR0\Partition0 - ok
18:21:28.0875 3152 ============================================================
18:21:28.0875 3152 Scan finished
18:21:28.0875 3152 ============================================================
18:21:28.0984 2452 Detected object count: 21
18:21:28.0984 2452 Actual detected object count: 21
18:22:45.0812 2452 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0812 2452 BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0812 2452 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0812 2452 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0812 2452 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0812 2452 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0812 2452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 PuranDefrag ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 PuranDefrag ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0828 2452 Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0828 2452 Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0843 2452 RoxLiveShare9 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0843 2452 RoxLiveShare9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0843 2452 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0843 2452 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0843 2452 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0843 2452 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0843 2452 RT73 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0843 2452 RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0843 2452 RxFilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0843 2452 RxFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:45.0843 2452 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0843 2452 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:46.0734 2452 \Device\Harddisk0\DR0\# - copied to quarantine
18:22:46.0750 2452 \Device\Harddisk0\DR0 - copied to quarantine
18:22:46.0765 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:22:46.0828 2452 \Device\Harddisk0\DR0 - ok
18:22:46.0828 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:22:55.0250 2424 Deinitialize success
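The log above contains one named detection (Rootkit.Boot.Sinowal.b on the MBR, cured on reboot) buried among a run of UnsignedFile.Multi.Generic hits that were skipped. As an added example, not from this thread or from TDSSKiller itself, the Python below parses lines in that log format and separates named detections from the unsigned-file heuristic, reporting which named ones were left unhandled; the sample input is a constructed excerpt of the posted log.

```python
import re

# Constructed sample in the TDSSKiller log format of the post above: a few of
# its real lines reproduced, the long "- ok" driver listing left out.
SAMPLE_LOG = r"""
18:21:28.0703 3152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:21:28.0734 3152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:21:28.0734 3152 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:21:28.0875 3152 \Device\Harddisk0\DR0\Partition0 - ok
18:22:45.0812 2452 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:45.0812 2452 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:46.0765 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:22:46.0828 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
"""

# Verdict lines read "<time> <pid> <object> ( <verdict> ) - <status>"; plain
# "<object> - ok" lines and the MBR hash line carry no verdict and are skipped.
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<obj>.+?)\s+"
                        r"\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<status>.+)$")
ACTION_PREFIX = "User select action: "
GENERIC_HEURISTIC = "UnsignedFile.Multi.Generic"  # file merely lacks a signature

def parse_verdicts(text):
    """Map each flagged object to its verdict, status lines seen, and the user's action."""
    objects = {}
    for line in text.splitlines():
        m = VERDICT_RE.match(line)
        if not m:
            continue
        entry = objects.setdefault(m["obj"], {"verdict": m["verdict"], "statuses": [], "action": None})
        if m["status"].startswith(ACTION_PREFIX):
            entry["action"] = m["status"][len(ACTION_PREFIX):]
        else:
            entry["statuses"].append(m["status"])
    return objects

def unresolved(objects):
    """Named detections (not the generic unsigned-file heuristic) still skipped or unactioned."""
    return sorted(o for o, e in objects.items()
                  if e["verdict"] != GENERIC_HEURISTIC and e["action"] in (None, "Skip"))

def summary(text):
    """One line per named detection, a count of heuristic hits, and what is still open."""
    objects = parse_verdicts(text)
    generic = [o for o, e in objects.items() if e["verdict"] == GENERIC_HEURISTIC]
    lines = [f"{o}: {e['verdict']} -> {e['action'] or 'no action'} ({'; '.join(e['statuses'])})"
             for o, e in objects.items() if e["verdict"] != GENERIC_HEURISTIC]
    lines.append(f"{len(generic)} unsigned-file heuristic hit(s): {', '.join(generic) or 'none'}")
    lines.append(f"unresolved named detections: {', '.join(unresolved(objects)) or 'none'}")
    return "\n".join(lines)
```

Run `print(summary(SAMPLE_LOG))` to see the triage; on a full log the unsigned-file hits are usually legitimate third-party drivers, so the named detections are where to look first.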

#9 JKB6125 (New Member, Topic Starter, 8 posts)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry :: JERRYSLAPTOP [administrator]

7/21/2012 6:49:02 PM
mbam-log-2012-07-21 (18-49-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238048
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\Installer\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\n (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.

(end)

#10 CompCav (Member 5k, Expert, 12,448 posts)

Step 1.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3.

Please post:

  • ESET log
  • Security Check log


Please give me an update on how your computer is doing!

#11 JKB6125 (New Member, Topic Starter, 8 posts)

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Total Protection
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
CCleaner
Java™ 7 Update 1
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox 8.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

#12 CompCav (Member 5k, Expert, 12,448 posts)

Step 1.

Clear the Java Cache by following the instructions here




Step 2.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

#13 JKB6125 (New Member, Topic Starter, 8 posts)

Hi:

Malwarebytes found 4 viruses and deleted them. Here is the log file in case you want to review it. Thanks!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry :: JERRYSLAPTOP [administrator]

7/22/2012 8:00:56 PM
mbam-log-2012-07-22 (20-00-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320686
Time elapsed: 1 hour(s), 24 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\documents and settings\jerry\desktop\rk_quarantine\036dff86004e365406391b3f7b07d329.exe.vir (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\documents and settings\all users\application data\036dff86004e365406391b3f7b07d329\036dff86004e365406391b3f7b07d329.exe.vir (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8f8a4fa4-ba9a-47ae-ba9e-29366a4d9355}\rp433\a0123057.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\07212012_162212\C_Documents and Settings\Jerry\Local Settings\Application Data\{67e30eeb-d034-4d64-eba4-b9249eaa45f1}\n (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.

(end)

#14 CompCav (Member 5k, Expert, 12,448 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.