Still Quirky after removing XP Antivirus 2012 [Closed]

#1 idrawstuff (Member, 72 posts)

Good Morning,

Last night I got hit with the XP Antivirus 2012 bug. I had to run FixNCR to be able to use .exe files, then I ran rKill to stop the processes. I ran TDSS Killer, which didn't find anything. Then I downloaded, updated and ran two full scans with MBAM - one in regular mode (which cleaned 6 files) and again in Safe Mode (which found nothing).

Just hoping someone could double check my OTL log and tell me if it looks clean. I can't help but notice that my computer is still running slow, and that a fan in my laptop stays on constantly now. I ran this in Safe Mode, where the quirks are also appearing:

OTL logfile created on: 12/29/2011 8:11:21 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mike.DTB\Desktop\New Folder (3)
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 85.49% Memory free
4.84 Gb Paging File | 4.66 Gb Available in Paging File | 96.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 118.09 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 98.62 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 98.62 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 98.62 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 931.15 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 08:09:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\New Folder (3)\OTL.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - [2011/04/22 04:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 06:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/12 19:43:55 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)
SRV - [2007/11/06 12:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 20:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 10:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/03/14 16:30:51 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/20 18:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 11:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 15:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 12:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 13:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 06:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 08:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 06:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 06:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 06:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 06:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 06:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 06:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-1&q=&sa=Search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=mpes"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Documents and Settings\mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 08:35:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/28 20:23:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\mike\Application Data\Move Networks

[2009/01/20 19:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 19:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\[email protected]
[2011/12/22 09:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2010/09/10 07:12:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/22 09:23:20 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/15 21:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2011/11/22 08:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 18:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/22 08:35:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/29 19:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2011/08/22 13:37:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/22 08:35:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/05/24 21:42:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fishbowl Client.lnk = C:\Program Files\Fishbowl\client\bin\Fishbowl Client.exe (Fishbowl Inventory)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E84A911A-1C88-44AE-AA3A-510F6527B2DE}: DhcpNameServer = 192.168.0.16
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 18:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\New Folder (3)
[2011/12/27 17:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Oxy Compressor Parts
[2011/12/24 16:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Spotify
[2011/12/24 16:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\Spotify
[2011/12/24 13:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/12/24 13:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\uTorrent
[2011/12/21 12:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\New Folder (2)
[2011/12/20 11:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\New Folder
[2011/12/01 13:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iReport
[2011/12/01 13:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\iReport
[2011/12/01 13:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fishbowl

========== Files - Modified Within 30 Days ==========

[2011/12/28 21:04:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 21:03:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 20:40:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2011/12/28 20:33:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/28 20:30:48 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/28 20:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 20:28:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 18:23:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 18:18:12 | 000,015,856 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
[2011/12/28 18:18:11 | 000,015,856 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
[2011/12/28 12:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/25 15:08:49 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 12:48:29 | 000,112,777 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\WELD_17944 Layout1 (2) (1).pdf
[2011/12/22 08:23:35 | 000,028,174 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Domain Names, Web Hosting and Online Marketing Services _ Network Solutions.pdf
[2011/12/20 15:38:10 | 013,503,743 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\2008Catalog.pdf
[2011/12/20 11:02:52 | 000,535,530 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII.pdf
[2011/12/20 10:55:45 | 000,271,042 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII Layout2 (2) (1).pdf
[2011/12/20 10:39:59 | 000,271,640 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII Layout2 (1).pdf
[2011/12/19 14:18:05 | 000,049,251 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\WAX1.JPG
[2011/12/19 13:21:10 | 002,820,048 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\FED-STD-297E.PDF
[2011/12/19 13:14:25 | 006,913,121 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\od_tb43_0213_rustproofing.pdf
[2011/12/19 13:10:29 | 000,545,768 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\MIL-T-83808.pdf
[2011/12/16 18:43:21 | 000,030,174 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII Model (1).pdf
[2011/12/16 15:53:21 | 000,503,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/16 15:53:21 | 000,093,662 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/15 11:29:23 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to Hawaii.lnk
[2011/12/12 21:40:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2011/12/12 19:00:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/01 13:49:17 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fishbowl Client.lnk
[2011/12/01 13:49:17 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fishbowl Client.lnk

========== Files Created - No Company Name ==========

[2011/12/28 20:33:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/28 18:23:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 17:30:37 | 000,015,856 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
[2011/12/28 17:30:37 | 000,015,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
[2011/12/24 16:47:40 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Start Menu\Programs\Spotify.lnk
[2011/12/22 12:48:29 | 000,112,777 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\WELD_17944 Layout1 (2) (1).pdf
[2011/12/22 08:23:35 | 000,028,174 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Domain Names, Web Hosting and Online Marketing Services _ Network Solutions.pdf
[2011/12/20 15:37:49 | 013,503,743 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\2008Catalog.pdf
[2011/12/20 10:55:55 | 000,535,530 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII.pdf
[2011/12/20 10:39:59 | 000,271,640 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII Layout2 (1).pdf
[2011/12/20 10:39:55 | 000,271,042 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII Layout2 (2) (1).pdf
[2011/12/19 14:18:04 | 000,049,251 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\WAX1.JPG
[2011/12/19 13:21:10 | 002,820,048 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\FED-STD-297E.PDF
[2011/12/19 13:14:04 | 006,913,121 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\od_tb43_0213_rustproofing.pdf
[2011/12/19 13:10:26 | 000,545,768 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\MIL-T-83808.pdf
[2011/12/16 18:43:21 | 000,030,174 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\GCUSTOM_HAWAII Model (1).pdf
[2011/12/15 11:29:23 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to Hawaii.lnk
[2011/12/01 13:49:17 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fishbowl Client.lnk
[2011/12/01 13:49:17 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fishbowl Client.lnk
[2011/11/01 15:59:35 | 000,371,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/14 16:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 16:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 00:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/19 06:32:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/20 17:55:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/20 17:55:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 07:03:24 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\setup_ldm.iss
[2009/01/25 14:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Static Library
[2009/01/25 14:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Sports
[2009/01/25 14:07:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/11/25 13:36:26 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 17:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/17 12:50:44 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/17 12:50:44 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4D0C8ED9CB.sys
[2008/10/16 14:52:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/16 12:17:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/10/16 12:07:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2008/10/15 10:05:25 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/15 00:01:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/15 00:01:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/15 00:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/15 00:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/15 00:01:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/15 00:01:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/12 19:19:33 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/12 19:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/01/14 16:55:22 | 000,571,320 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2008/01/14 16:54:04 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/11/06 12:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/21 12:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/21 12:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/21 12:33:32 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/06/12 04:30:04 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/06/08 09:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007/02/06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 05:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 05:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:14:52 | 000,503,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 05:14:52 | 000,093,662 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 05:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:07:40 | 000,468,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 05:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 04:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/10/17 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2010/06/24 07:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/09/20 07:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/11/12 08:11:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/25 14:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/30 09:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/25 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/09/29 19:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/25 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2010/07/30 11:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/20 19:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/25 14:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/18 19:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\winLAME
[2010/04/03 14:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 16:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/17 12:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\ACT
[2011/04/05 13:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Add-in Express
[2011/09/20 07:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Autodesk
[2011/08/10 16:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\CompanionLink
[2010/03/03 18:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EuroTalk
[2011/05/11 20:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\gtk-2.0
[2009/06/14 08:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\InterVideo
[2008/10/17 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\IsolatedStorage
[2009/04/08 21:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Mp3tag
[2009/01/25 16:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Nikon
[2008/02/12 19:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\SampleView
[2008/12/24 19:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Snapfish
[2011/12/27 08:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Spotify
[2009/01/20 19:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\TomTom
[2011/12/24 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

Thanks!

======================================================================

EDIT: It looks like I'm having intermittent problems restarting as well - the computer will hang on the "Saving your Settings" portion of the shut down. Running XP Pro, btw.

Edited by idrawstuff, 29 December 2011 - 03:36 PM.

  • 0


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello idrawstuff and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/28 18:18:12 | 000,015,856 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
    [2011/12/28 18:18:11 | 000,015,856 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly

    :Files
    C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
    C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post
  • 0
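Worked example, added here and not part of the thread or of OTL itself: a small Python triage of OTL file lines that applies the indicators which make the two entries targeted in Step 1 stand out (hidden+system attributes, no company name, a long random-looking alphanumeric name with no extension, located under Application Data) and emits a fix block in the same shape as the one above. The sample lines are copied from the OTL log posted in this thread; the triage rules and the OtlEntry/triage/build_otl_fix names are my own, not OTL's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the "Files - Modified Within 30 Days" section of the
# OTL log posted in this thread (the two 1cjay... lines are the ones Step 1 removes).
SAMPLE_LOG = r"""
[2011/12/28 21:04:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 20:30:48 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/28 18:18:12 | 000,015,856 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
[2011/12/28 18:18:11 | 000,015,856 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

# One OTL file/folder line: [date time | size | attrs | C-or-M] (company) -- path
# The four attribute flags are, in order, R(eadonly) H(idden) S(ystem) D(irectory).
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([RHSD-]{4}) \| ([CM])\]"
    r" \((.*?)\) -- (.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when OTL found no company name in the file
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return self.attrs[1] == "H" and self.attrs[2] == "S"


def parse_otl_entries(text: str) -> list[OtlEntry]:
    """Parse every OTL file/folder line in text; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            ts, size, attrs, kind, company, path = m.groups()
            entries.append(OtlEntry(ts, int(size.replace(",", "")), attrs, kind, company, path))
    return entries


def looks_random(name: str) -> bool:
    """Long, extension-less, lowercase letters mixed with digits (the shape of the
    two names Step 1 removes). KGyGaAvL.sys is short and has an extension: no match."""
    if "." in name or len(name) < 20:
        return False
    if not re.fullmatch(r"[a-z0-9]+", name):
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(text: str) -> list[OtlEntry]:
    """Return entries that carry all of the indicators Step 1 acted on."""
    flagged = []
    for e in parse_otl_entries(text):
        in_appdata = "\\application data\\" in e.path.lower()
        if e.hidden_system and not e.company and in_appdata and looks_random(e.name):
            flagged.append(e)
    return flagged


def build_otl_fix(entries: list[OtlEntry]) -> str:
    """Emit a fix block in the shape used in Step 1 (:Files section, then reboot)."""
    lines = [":Files"]
    seen = set()
    for e in entries:
        if e.path not in seen:       # the same file may appear as both C and M lines
            seen.add(e.path)
            lines.append(e.path)
    lines += ["", ":Commands", "[purity]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e.timestamp}  {e.size:>6} bytes  {e.attrs}  {e.path}")
    print()
    print(build_otl_fix(hits))
```

A rule set this narrow is a starting point for reading a log, not a verdict: the helper still reviewed every line by hand, and anything it flags should be checked against the rest of the report before it goes into a fix.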

#3
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Here's the OTL Log - I'm running GMER next.

========== OTL ==========
C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly moved successfully.
C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly not found.
File\Folder C:\Documents and Settings\mike.DTB\Local Settings\Application Data\1cjay38nrdh78d7o0fwcaug537503p070l07ly not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\mike.DTB\Desktop\2011-12 Virus\cmd.bat deleted successfully.
C:\Documents and Settings\mike.DTB\Desktop\2011-12 Virus\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_114612

EDIT: The GMER scan took longer than expected, and I had to get back to work. I'll run the GMER scan overnight and post the results in the morning.

Edited by idrawstuff, 04 January 2012 - 04:56 PM.

  • 0

#4
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Sorry, I accidentally hit "Okay" instead of "Copy" yesterday morning and GMER closed down :-P Ran it again last night - here's the GMER log; I couldn't run it in safe mode (it would hang) so I ran it in regular mode and disabled my spyware and virus scanner:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-06 08:00:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO
Running: md022u3r.exe; Driver: C:\DOCUME~1\mike.DTB\LOCALS~1\Temp\kwldypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB5C902DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5C902EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5C9031B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB5C902C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5C90305]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB5C90331]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5C90347]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B5C9034B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B5C90335 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B5C90309 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B5C902DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B5C902F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B5C9031F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B5C902CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs bihomimo.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

Edited by idrawstuff, 06 January 2012 - 10:33 AM.

  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job. Let's continue.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 2


Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post
  • 0

#6
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Quick question: should I be doing this in safe mode, or is standard mode okay? And do I need to disconnect from the internet or re-disable my virus scanners while I'm doing this?
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can do this in standard mode and you don't need to disable antivirus software for this.
  • 0

#8
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 13:24:28
-----------------------------
13:24:28.125 OS Version: Windows 5.1.2600 Service Pack 3
13:24:28.125 Number of processors: 2 586 0xF0D
13:24:28.125 ComputerName: MIKE-LT UserName: mike
13:24:28.718 Initialze error 0
13:29:44.578 AVAST engine defs: 12010601
13:52:46.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:52:46.171 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
13:52:46.203 Disk 0 MBR read successfully
13:52:46.218 Disk 0 MBR scan
13:52:46.296 Disk 0 unknown MBR code
13:52:46.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228651 MB offset 63
13:52:46.359 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9820 MB offset 468278685
13:52:46.390 Disk 0 scanning sectors +488392065
13:52:46.421 Disk 0 scanning C:\WINDOWS\system32\drivers
13:52:46.437 Service scanning
13:52:47.234 Modules scanning
13:52:48.937 Disk 0 trace - called modules:
13:52:48.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
13:52:48.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acdfab8]
13:52:48.984 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000009c[0x8adbaa00]
13:52:49.000 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8acda030]
13:52:49.062 AVAST engine scan C:\WINDOWS
13:52:49.125 AVAST engine scan C:\WINDOWS\system32
13:52:49.203 AVAST engine scan C:\WINDOWS\system32\drivers
13:52:49.265 AVAST engine scan C:\Documents and Settings\mike.DTB
13:52:49.328 AVAST engine scan C:\Documents and Settings\All Users
13:52:49.343 Scan finished successfully
13:52:54.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mike.DTB\Desktop\2011-12 Virus\MBR.dat"
13:52:54.750 The log file has been saved successfully to "C:\Documents and Settings\mike.DTB\Desktop\2011-12 Virus\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   575bytes   88 downloads

  • 0

#9
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
13:55:24.0218 5328 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:55:24.0750 5328 ============================================================
13:55:24.0750 5328 Current date / time: 2012/01/06 13:55:24.0750
13:55:24.0750 5328 SystemInfo:
13:55:24.0750 5328
13:55:24.0750 5328 OS Version: 5.1.2600 ServicePack: 3.0
13:55:24.0750 5328 Product type: Workstation
13:55:24.0750 5328 ComputerName: MIKE-LT
13:55:24.0750 5328 UserName: mike
13:55:24.0750 5328 Windows directory: C:\WINDOWS
13:55:24.0750 5328 System windows directory: C:\WINDOWS
13:55:24.0750 5328 Processor architecture: Intel x86
13:55:24.0750 5328 Number of processors: 2
13:55:24.0750 5328 Page size: 0x1000
13:55:24.0750 5328 Boot type: Normal boot
13:55:24.0750 5328 ============================================================
13:55:25.0343 5328 Initialize success
13:55:47.0953 5968 ============================================================
13:55:47.0953 5968 Scan started
13:55:47.0953 5968 Mode: Manual;
13:55:47.0953 5968 ============================================================
13:55:48.0781 5968 Abiosdsk - ok
13:55:48.0796 5968 abp480n5 - ok
13:55:48.0843 5968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:55:48.0843 5968 ACPI - ok
13:55:48.0859 5968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:55:48.0859 5968 ACPIEC - ok
13:55:48.0921 5968 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:55:48.0921 5968 ADIHdAudAddService - ok
13:55:48.0937 5968 adpu160m - ok
13:55:48.0937 5968 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
13:55:48.0953 5968 AEAudio - ok
13:55:48.0984 5968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:55:48.0984 5968 aec - ok
13:55:49.0031 5968 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
13:55:49.0031 5968 AFD - ok
13:55:49.0218 5968 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:55:49.0234 5968 AgereSoftModem - ok
13:55:49.0343 5968 Aha154x - ok
13:55:49.0359 5968 aic78u2 - ok
13:55:49.0359 5968 aic78xx - ok
13:55:49.0406 5968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:55:49.0406 5968 AliIde - ok
13:55:49.0421 5968 amsint - ok
13:55:49.0484 5968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:55:49.0484 5968 Arp1394 - ok
13:55:49.0500 5968 asc - ok
13:55:49.0500 5968 asc3350p - ok
13:55:49.0515 5968 asc3550 - ok
13:55:49.0562 5968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:55:49.0562 5968 AsyncMac - ok
13:55:49.0578 5968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:55:49.0578 5968 atapi - ok
13:55:49.0593 5968 Atdisk - ok
13:55:49.0718 5968 ati2mtag (b11e7e282eeb8d144b2f429fa0383c0a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:55:49.0734 5968 ati2mtag - ok
13:55:49.0875 5968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:55:49.0875 5968 Atmarpc - ok
13:55:49.0937 5968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:55:49.0937 5968 audstub - ok
13:55:49.0953 5968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:55:49.0953 5968 Beep - ok
13:55:50.0046 5968 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
13:55:50.0046 5968 btaudio - ok
13:55:50.0171 5968 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
13:55:50.0171 5968 BTDriver - ok
13:55:50.0250 5968 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
13:55:50.0250 5968 BTKRNL - ok
13:55:50.0406 5968 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
13:55:50.0500 5968 BTWDNDIS - ok
13:55:50.0546 5968 btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
13:55:50.0593 5968 btwmodem - ok
13:55:50.0671 5968 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
13:55:50.0734 5968 BTWUSB - ok
13:55:50.0875 5968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:55:50.0875 5968 cbidf2k - ok
13:55:50.0906 5968 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:55:50.0921 5968 CCDECODE - ok
13:55:50.0921 5968 cd20xrnt - ok
13:55:50.0953 5968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:55:50.0953 5968 Cdaudio - ok
13:55:51.0015 5968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:55:51.0015 5968 Cdfs - ok
13:55:51.0156 5968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:55:51.0156 5968 Cdrom - ok
13:55:51.0171 5968 Changer - ok
13:55:51.0203 5968 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:55:51.0203 5968 CmBatt - ok
13:55:51.0218 5968 CmdIde - ok
13:55:51.0234 5968 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:55:51.0234 5968 Compbatt - ok
13:55:51.0250 5968 Cpqarray - ok
13:55:51.0265 5968 dac2w2k - ok
13:55:51.0265 5968 dac960nt - ok
13:55:51.0328 5968 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
13:55:51.0390 5968 DAMDrv - ok
13:55:51.0515 5968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:55:51.0531 5968 Disk - ok
13:55:51.0609 5968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:55:51.0625 5968 dmboot - ok
13:55:51.0765 5968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:55:51.0781 5968 dmio - ok
13:55:51.0828 5968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:55:51.0828 5968 dmload - ok
13:55:51.0875 5968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:55:51.0875 5968 DMusic - ok
13:55:51.0890 5968 dpti2o - ok
13:55:52.0062 5968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:55:52.0062 5968 drmkaud - ok
13:55:52.0171 5968 DroidCam (6b2217af067d2f4d04fa2ae0ffa7a3aa) C:\WINDOWS\system32\drivers\droidcam.sys
13:55:52.0265 5968 DroidCam - ok
13:55:52.0437 5968 e1express (ed91f1042071a36f54e7c430e130e4cd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:55:52.0593 5968 e1express - ok
13:55:52.0687 5968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:55:52.0703 5968 Fastfat - ok
13:55:52.0843 5968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:55:52.0843 5968 Fdc - ok
13:55:52.0875 5968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:55:52.0890 5968 Fips - ok
13:55:52.0937 5968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:55:52.0937 5968 Flpydisk - ok
13:55:52.0984 5968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:55:52.0984 5968 FltMgr - ok
13:55:53.0062 5968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:55:53.0062 5968 Fs_Rec - ok
13:55:53.0187 5968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:55:53.0187 5968 Ftdisk - ok
13:55:53.0218 5968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:55:53.0281 5968 GEARAspiWDM - ok
13:55:53.0328 5968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:55:53.0343 5968 Gpc - ok
13:55:53.0484 5968 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
13:55:53.0562 5968 HBtnKey - ok
13:55:53.0593 5968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:55:53.0593 5968 HDAudBus - ok
13:55:53.0656 5968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:55:53.0671 5968 HidUsb - ok
13:55:53.0781 5968 hpn - ok
13:55:53.0812 5968 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
13:55:53.0875 5968 HpqKbFiltr - ok
13:55:53.0937 5968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:55:53.0937 5968 HTTP - ok
13:55:54.0046 5968 i2omgmt - ok
13:55:54.0062 5968 i2omp - ok
13:55:54.0109 5968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:55:54.0109 5968 i8042prt - ok
13:55:54.0187 5968 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
13:55:54.0187 5968 iaStor - ok
13:55:54.0218 5968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:55:54.0218 5968 Imapi - ok
13:55:54.0343 5968 ini910u - ok
13:55:54.0359 5968 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:55:54.0375 5968 IntelIde - ok
13:55:54.0406 5968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:55:54.0406 5968 intelppm - ok
13:55:54.0437 5968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:55:54.0437 5968 Ip6Fw - ok
13:55:54.0468 5968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:55:54.0468 5968 IpFilterDriver - ok
13:55:54.0500 5968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:55:54.0500 5968 IpInIp - ok
13:55:54.0640 5968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:55:54.0640 5968 IpNat - ok
13:55:54.0671 5968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:55:54.0671 5968 IPSec - ok
13:55:54.0703 5968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:55:54.0703 5968 IRENUM - ok
13:55:54.0734 5968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:55:54.0734 5968 isapnp - ok
13:55:54.0765 5968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:55:54.0781 5968 Kbdclass - ok
13:55:54.0906 5968 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:55:54.0921 5968 kbdhid - ok
13:55:54.0937 5968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:55:54.0953 5968 kmixer - ok
13:55:55.0015 5968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:55:55.0015 5968 KSecDD - ok
13:55:55.0031 5968 lbrtfdc - ok
13:55:55.0078 5968 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
13:55:55.0125 5968 LHidFilt - ok
13:55:55.0234 5968 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
13:55:55.0296 5968 LMouFilt - ok
13:55:55.0343 5968 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
13:55:55.0406 5968 LUsbFilt - ok
13:55:55.0421 5968 MBAMSwissArmy - ok
13:55:55.0468 5968 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
13:55:55.0468 5968 mfeapfk - ok
13:55:55.0625 5968 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
13:55:55.0625 5968 mfeavfk - ok
13:55:55.0656 5968 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
13:55:55.0671 5968 mfebopk - ok
13:55:55.0687 5968 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
13:55:55.0703 5968 mfehidk - ok
13:55:55.0796 5968 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
13:55:55.0859 5968 mferkdk - ok
13:55:55.0984 5968 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
13:55:56.0000 5968 mfetdik - ok
13:55:56.0062 5968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:55:56.0062 5968 mnmdd - ok
13:55:56.0093 5968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:55:56.0093 5968 Modem - ok
13:55:56.0125 5968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:55:56.0125 5968 Mouclass - ok
13:55:56.0156 5968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:55:56.0156 5968 mouhid - ok
13:55:56.0296 5968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:55:56.0296 5968 MountMgr - ok
13:55:56.0359 5968 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
13:55:56.0359 5968 MQAC - ok
13:55:56.0375 5968 mraid35x - ok
13:55:56.0406 5968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:55:56.0406 5968 MRxDAV - ok
13:55:56.0468 5968 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:55:56.0609 5968 MRxSmb - ok
13:55:56.0734 5968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:55:56.0734 5968 Msfs - ok
13:55:56.0765 5968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:55:56.0781 5968 MSKSSRV - ok
13:55:56.0796 5968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:55:56.0796 5968 MSPCLOCK - ok
13:55:56.0812 5968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:55:56.0828 5968 MSPQM - ok
13:55:56.0843 5968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:55:56.0843 5968 mssmbios - ok
13:55:56.0890 5968 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:55:56.0890 5968 MSTEE - ok
13:55:57.0015 5968 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
13:55:57.0015 5968 Mup - ok
13:55:57.0062 5968 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:55:57.0062 5968 NABTSFEC - ok
13:55:57.0125 5968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:55:57.0125 5968 NDIS - ok
13:55:57.0156 5968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:55:57.0171 5968 NdisIP - ok
13:55:57.0296 5968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:55:57.0296 5968 NdisTapi - ok
13:55:57.0312 5968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:55:57.0328 5968 Ndisuio - ok
13:55:57.0328 5968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:55:57.0343 5968 NdisWan - ok
13:55:57.0390 5968 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:55:57.0453 5968 NDProxy - ok
13:55:57.0484 5968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:55:57.0484 5968 NetBIOS - ok
13:55:57.0625 5968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:55:57.0625 5968 NetBT - ok
13:55:57.0765 5968 NETw4x32 (a9574f52e2fd5c1c1b4807a326e0488f) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
13:55:57.0828 5968 NETw4x32 - ok
13:55:57.0968 5968 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:55:57.0968 5968 NIC1394 - ok
13:55:58.0000 5968 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:55:58.0000 5968 nm - ok
13:55:58.0046 5968 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
13:55:58.0093 5968 NPF - ok
13:55:58.0140 5968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:55:58.0140 5968 Npfs - ok
13:55:58.0296 5968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:55:58.0312 5968 Ntfs - ok
13:55:58.0406 5968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:55:58.0406 5968 Null - ok
13:55:58.0484 5968 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
13:55:58.0484 5968 NWADI - ok
13:55:58.0578 5968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:55:58.0593 5968 NwlnkFlt - ok
13:55:58.0593 5968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:55:58.0609 5968 NwlnkFwd - ok
13:55:58.0640 5968 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
13:55:58.0703 5968 NWUSBCDFIL - ok
13:55:58.0796 5968 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
13:55:58.0859 5968 NWUSBModem - ok
13:55:58.0968 5968 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
13:55:59.0015 5968 NWUSBPort - ok
13:55:59.0046 5968 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
13:55:59.0093 5968 NWUSBPort2 - ok
13:55:59.0140 5968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:55:59.0140 5968 ohci1394 - ok
13:55:59.0218 5968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:55:59.0234 5968 Parport - ok
13:55:59.0312 5968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:55:59.0312 5968 PartMgr - ok
13:55:59.0343 5968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:55:59.0343 5968 ParVdm - ok
13:55:59.0359 5968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:55:59.0359 5968 PCI - ok
13:55:59.0375 5968 PCIDump - ok
13:55:59.0390 5968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:55:59.0390 5968 PCIIde - ok
13:55:59.0406 5968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:55:59.0406 5968 Pcmcia - ok
13:55:59.0421 5968 PDCOMP - ok
13:55:59.0421 5968 PDFRAME - ok
13:55:59.0437 5968 PDRELI - ok
13:55:59.0453 5968 PDRFRAME - ok
13:55:59.0453 5968 perc2 - ok
13:55:59.0468 5968 perc2hib - ok
13:55:59.0515 5968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:55:59.0515 5968 PptpMiniport - ok
13:55:59.0546 5968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:55:59.0546 5968 PSched - ok
13:55:59.0593 5968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:55:59.0593 5968 Ptilink - ok
13:55:59.0640 5968 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:55:59.0640 5968 PxHelp20 - ok
13:55:59.0734 5968 ql1080 - ok
13:55:59.0734 5968 Ql10wnt - ok
13:55:59.0750 5968 ql12160 - ok
13:55:59.0765 5968 ql1240 - ok
13:55:59.0765 5968 ql1280 - ok
13:55:59.0812 5968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:55:59.0812 5968 RasAcd - ok
13:55:59.0843 5968 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
13:55:59.0859 5968 Rasirda - ok
13:55:59.0937 5968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:55:59.0937 5968 Rasl2tp - ok
13:55:59.0953 5968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:55:59.0968 5968 RasPppoe - ok
13:55:59.0968 5968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:55:59.0968 5968 Raspti - ok
13:56:00.0078 5968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:56:00.0093 5968 Rdbss - ok
13:56:00.0140 5968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:56:00.0156 5968 RDPCDD - ok
13:56:00.0250 5968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:56:00.0250 5968 rdpdr - ok
13:56:00.0375 5968 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:56:00.0375 5968 RDPWD - ok
13:56:00.0406 5968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:56:00.0406 5968 redbook - ok
13:56:00.0515 5968 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
13:56:00.0515 5968 RMCAST - ok
13:56:00.0609 5968 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:56:00.0671 5968 SASDIFSV - ok
13:56:00.0671 5968 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:56:00.0718 5968 SASKUTIL - ok
13:56:00.0812 5968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:56:00.0828 5968 Secdrv - ok
13:56:00.0906 5968 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:56:00.0906 5968 serenum - ok
13:56:00.0937 5968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:56:00.0937 5968 Serial - ok
13:56:00.0968 5968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:56:00.0968 5968 Sfloppy - ok
13:56:00.0984 5968 Simbad - ok
13:56:01.0031 5968 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:56:01.0031 5968 SLIP - ok
13:56:01.0140 5968 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
13:56:01.0203 5968 SMCIRDA - ok
13:56:01.0296 5968 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
13:56:01.0390 5968 SMSIVZAM5 - ok
13:56:01.0500 5968 Sparrow - ok
13:56:01.0546 5968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:56:01.0546 5968 splitter - ok
13:56:01.0578 5968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:56:01.0578 5968 sr - ok
13:56:01.0609 5968 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:56:01.0687 5968 Srv - ok
13:56:01.0812 5968 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:56:01.0828 5968 streamip - ok
13:56:01.0859 5968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:56:01.0859 5968 swenum - ok
13:56:01.0890 5968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:56:01.0890 5968 swmidi - ok
13:56:01.0906 5968 symc810 - ok
13:56:01.0921 5968 symc8xx - ok
13:56:01.0921 5968 sym_hi - ok
13:56:01.0937 5968 sym_u3 - ok
13:56:02.0000 5968 SynTP (6f9cff60129569ec39efc490f4bcde0e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:56:02.0078 5968 SynTP - ok
13:56:02.0218 5968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:56:02.0218 5968 sysaudio - ok
13:56:02.0296 5968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:56:02.0296 5968 Tcpip - ok
13:56:02.0343 5968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:56:02.0343 5968 TDPIPE - ok
13:56:02.0375 5968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:56:02.0375 5968 TDTCP - ok
13:56:02.0515 5968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:56:02.0515 5968 TermDD - ok
13:56:02.0531 5968 TosIde - ok
13:56:02.0578 5968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:56:02.0578 5968 Udfs - ok
13:56:02.0593 5968 ultra - ok
13:56:02.0609 5968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:56:02.0609 5968 Update - ok
13:56:02.0656 5968 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:56:02.0765 5968 USBAAPL - ok
13:56:02.0890 5968 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:56:02.0890 5968 usbaudio - ok
13:56:02.0937 5968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:56:02.0937 5968 usbccgp - ok
13:56:03.0000 5968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:56:03.0000 5968 usbehci - ok
13:56:03.0156 5968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:56:03.0171 5968 usbhub - ok
13:56:03.0234 5968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:56:03.0234 5968 usbprint - ok
13:56:03.0281 5968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:56:03.0296 5968 usbscan - ok
13:56:03.0328 5968 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:56:03.0328 5968 USBSTOR - ok
13:56:03.0343 5968 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:56:03.0343 5968 usbuhci - ok
13:56:03.0468 5968 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:56:03.0468 5968 usbvideo - ok
13:56:03.0500 5968 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:56:03.0500 5968 usb_rndisx - ok
13:56:03.0562 5968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:56:03.0562 5968 VgaSave - ok
13:56:03.0578 5968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:56:03.0578 5968 ViaIde - ok
13:56:03.0593 5968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:56:03.0609 5968 VolSnap - ok
13:56:03.0625 5968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:56:03.0640 5968 Wanarp - ok
13:56:03.0796 5968 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:56:03.0937 5968 Wdf01000 - ok
13:56:03.0937 5968 WDICA - ok
13:56:03.0984 5968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:56:04.0000 5968 wdmaud - ok
13:56:04.0171 5968 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
13:56:04.0250 5968 WinUSB - ok
13:56:04.0281 5968 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:56:04.0281 5968 WmiAcpi - ok
13:56:04.0328 5968 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:56:04.0343 5968 WpdUsb - ok
13:56:04.0468 5968 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:56:04.0468 5968 WSTCODEC - ok
13:56:04.0515 5968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:56:04.0531 5968 WudfPf - ok
13:56:04.0546 5968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:56:04.0562 5968 WudfRd - ok
13:56:04.0593 5968 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
13:56:04.0796 5968 \Device\Harddisk0\DR0 - ok
13:56:04.0796 5968 Boot (0x1200) (9c9f5348095a91472102a23e7a3536d5) \Device\Harddisk0\DR0\Partition0
13:56:04.0796 5968 \Device\Harddisk0\DR0\Partition0 - ok
13:56:04.0812 5968 Boot (0x1200) (8264b8d865a9818d0d7f436c4a56d5e7) \Device\Harddisk0\DR0\Partition1
13:56:04.0812 5968 \Device\Harddisk0\DR0\Partition1 - ok
13:56:04.0812 5968 ============================================================
13:56:04.0812 5968 Scan finished
13:56:04.0812 5968 ============================================================
13:56:04.0812 0620 Detected object count: 0
13:56:04.0812 0620 Actual detected object count: 0
14:01:09.0343 1224 Deinitialize success

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Logs looking good. How is your system now? Any problems?
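What "logs looking good" amounts to for a TDSSKiller log of the kind posted above, written out as an added example that is not part of this thread and is not Kaspersky's own code: a small parser that reads the `<time> <id> <name> (<md5>) <path>` and `<name> - <verdict>` line pairs, confirms the scan reached "Scan finished" with "Detected object count: 0", lists any entry whose verdict is not "ok", and separately lists hashed drivers loaded from outside C:\WINDOWS so a helper can eyeball them (in the log above those are the McAfee, SUPERAntiSpyware and Verizon drivers, all legitimate, which is why that list is advisory and does not by itself fail the check). The sample lines are constructed: several are copied from the log above, while `exampledrv`, its all-zero hash and the verdict word `suspicious` are placeholders and are not claimed to be TDSSKiller's real wording for a detection. It also assumes %SystemRoot% is C:\WINDOWS, as the OTL header in this thread states.

```python
import re
from collections import Counter

# A TDSSKiller scan line starts with a timestamp and a thread id, then the payload.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\w+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": an object that was hashed and scanned.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": the verdict line that follows each scanned object.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>[A-Za-z]+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")  # only drive-letter paths, not \Device\... objects


def parse_tdsskiller_log(text):
    """Summarise a TDSSKiller log: verdict counts, non-ok objects, hashed drivers
    outside C:\\WINDOWS (assumed %SystemRoot%), detected-object count, scan completion."""
    verdicts = Counter()
    objects = {}           # name -> (md5, path), filled from the hashed-object lines
    not_ok = []            # (name, verdict, path or None) for anything not reported "ok"
    outside_windows = []   # (name, path) for drivers not under C:\WINDOWS; review, not fail
    detected = None
    finished = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, "Deinitialize success", blank lines
        body = m.group("body")
        if body == "Scan finished":
            finished = True
            continue
        c = COUNT_RE.match(body)
        if c:
            detected = int(c.group("n"))
            continue
        o = OBJECT_RE.match(body)
        if o:
            name, path = o.group("name"), o.group("path")
            objects[name] = (o.group("md5").lower(), path)
            if DRIVE_PATH_RE.match(path) and not path.upper().startswith("C:\\WINDOWS\\"):
                outside_windows.append((name, path))
            continue
        v = VERDICT_RE.match(body)
        if v:
            verdict = v.group("verdict").lower()
            verdicts[verdict] += 1
            if verdict != "ok":
                name = v.group("name")
                not_ok.append((name, v.group("verdict"), objects.get(name, (None, None))[1]))
    return {
        "verdicts": dict(verdicts),
        "hashed_objects": len(objects),
        "not_ok": not_ok,
        "outside_windows": outside_windows,
        "detected": detected,
        "finished": finished,
    }


def log_looks_clean(summary):
    """The human check in code: scan completed, zero detections, every verdict 'ok'."""
    return bool(summary["finished"]) and summary["detected"] == 0 and not summary["not_ok"]


# Constructed sample: real-format lines copied from the thread's log.
SAMPLE_CLEAN = r"""
13:55:48.0843 5968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:55:48.0843 5968 ACPI - ok
13:55:55.0796 5968 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
13:55:55.0859 5968 mferkdk - ok
13:56:04.0593 5968 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
13:56:04.0796 5968 \Device\Harddisk0\DR0 - ok
13:56:04.0812 5968 Scan finished
13:56:04.0812 0620 Detected object count: 0
13:56:04.0812 0620 Actual detected object count: 0
"""

# Constructed sample with a placeholder driver, hash and verdict (not TDSSKiller's real wording).
SAMPLE_FLAGGED = r"""
13:55:48.0843 5968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:55:48.0843 5968 ACPI - ok
13:55:49.0000 5968 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
13:55:49.0001 5968 exampledrv - suspicious
13:56:04.0812 5968 Scan finished
13:56:04.0812 0620 Detected object count: 1
"""

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("flagged", SAMPLE_FLAGGED)):
        s = parse_tdsskiller_log(sample)
        print(label, "clean" if log_looks_clean(s) else "needs review", s["not_ok"], s["outside_windows"])
```

The order of the two regex checks matters: object lines are matched before verdict lines so a file path containing " - " can never be mistaken for a verdict, and the MBR and boot-sector objects are keyed by their `\Device\...` name on the verdict line, so they are checked for "ok" but never listed as out-of-place drivers.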

#11
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
It still seems kind of sluggish, and the fan still seems to come on a lot more often than it used to, but I am using a more resource intensive accounting program for work now (installed just a week before I got the virus), and that could have something to do with it.

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi idrawstuff,

Let's try to speed things up a little bit. Let me know how your system is after these steps.

Step 1

Startuplite is a tool to help you stop some programs that are not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary startup entries.
Click on the Continue button to save the changes.

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart


#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.