
Solved Iexplorer.exe virus slowly destroying computer

Discussion in 'Malware and Virus Removal Archive' started by Buddie, 2010/12/14.

  1. 2010/12/14
    Buddie

    Buddie Inactive Thread Starter

    Joined:
    2010/12/13
    Messages:
    10
    Likes Received:
    0
    [Resolved] Iexplorer.exe virus slowly destroying computer

    This virus was first noticed as an iexplorer.exe process running on one user that consumed most of the processor all the time, even though Internet Explorer was uninstalled from the system. As I went through the required posting, things kept getting worse until the computer was practically unusable.

    1. Tried to turn on Windows Firewall, but it would not work. Error says that the service is not running.
    2. Ran a full scan with McAfee Enterprise Edition. No results.
    3. Ran the TFC. It worked fine.

    1. Ran Malwarebytes, but couldn't update it because the internet has been disconnected by the virus (posting from another computer). No internet connections are shown and the network service will not start. Malwarebytes removed 2 things. Log posted below.

    2. Ran GMER. It took about 7 hours and got stuck on one file forever (C:\windows\system32\sbcmtc\....\default). Left it running overnight, and when I looked in the morning the mouse was frozen up, so I couldn't save a log. I have switched to a PS/2 mouse, but I had to restart to get it to work.

    3. Ran MBRCheck.exe. Log posted below.

    4. Ran DDS. Logs posted below.

    Please help as my computer is getting worse.

    MBRCheck log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 118):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7D65000 \WINDOWS\system32\KDCOM.DLL
    0xF7C75000 \WINDOWS\system32\BOOTVID.dll
    0xF7816000 ACPI.sys
    0xF7D67000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7805000 pci.sys
    0xF7865000 isapnp.sys
    0xF7E2D000 pciide.sys
    0xF7AE5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7D69000 intelide.sys
    0xF7875000 MountMgr.sys
    0xF77E6000 ftdisk.sys
    0xF7D6B000 dmload.sys
    0xF77C0000 dmio.sys
    0xF7AED000 PartMgr.sys
    0xF7885000 VolSnap.sys
    0xF77A8000 atapi.sys
    0xF7895000 disk.sys
    0xF78A5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7788000 fltmgr.sys
    0xF78B5000 PxHelp20.sys
    0xF7771000 KSecDD.sys
    0xF775E000 WudfPf.sys
    0xF76D1000 Ntfs.sys
    0xF76A4000 NDIS.sys
    0xF7645000 timntr.sys
    0xF762A000 snapman.sys
    0xF7610000 Mup.sys
    0xF75BE000 mfehidk.sys
    0xF7575000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF7A15000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6EEB000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF6ED7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7BB5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6EB3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7BBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6D76000 \SystemRoot\system32\drivers\P16X.sys
    0xF6D53000 \SystemRoot\system32\drivers\ks.sys
    0xF6D2F000 \SystemRoot\system32\drivers\portcls.sys
    0xF7A25000 \SystemRoot\system32\drivers\drmk.sys
    0xF756D000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xF6CFD000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF7BC5000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7A35000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7BCD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7BD5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7A45000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7569000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF6CE9000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7A55000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7A65000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7A75000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6CA9000 \SystemRoot\system32\drivers\smwdm.sys
    0xF6BF6000 \SystemRoot\system32\drivers\senfilt.sys
    0xF7D89000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF7F12000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7A85000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF755D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6B90000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7A95000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7AA5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7BDD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6B7F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7AB5000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7BE5000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7BED000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF641F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF78D5000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7D8B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6321000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7541000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF78E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7905000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7D8F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF6FBD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7935000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7C0D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7D91000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7E79000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7D93000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7C1D000 \SystemRoot\System32\drivers\vga.sys
    0xF7D95000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7D97000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7C25000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7C2D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF6FB1000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEE21E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEE1C5000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF7945000 \SystemRoot\system32\drivers\mfetdik.sys
    0xEE19F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEE177000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEE13F000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xEE11D000 \SystemRoot\System32\drivers\afd.sys
    0xF7955000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEE0F2000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEE082000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7965000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7975000 \SystemRoot\system32\drivers\ip6fw.sys
    0xF7C45000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF7985000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xEDF3F000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF7581000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7995000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7A05000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEDF27000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7E09000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEE066000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7B1D000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7EAF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
    0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 22):
    0 System Idle Process
    4 System
    792 C:\WINDOWS\system32\smss.exe
    868 csrss.exe
    892 C:\WINDOWS\system32\winlogon.exe
    936 C:\WINDOWS\system32\services.exe
    948 C:\WINDOWS\system32\lsass.exe
    1100 C:\WINDOWS\system32\svchost.exe
    1164 svchost.exe
    1216 C:\WINDOWS\system32\svchost.exe
    1244 C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    1672 C:\WINDOWS\explorer.exe
    1780 wmiprvse.exe
    1856 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    1864 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    1884 C:\Program Files\QuickTime\QTTask.exe
    1948 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1956 C:\WINDOWS\system32\ctfmon.exe
    1996 C:\Program Files\InterAct\Gaming Devices\JoyAct.exe
    2004 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    168 C:\Documents and Settings\Ryan\Desktop\MBRCheck.exe
    220 C:\Program Files\McAfee\Common Framework\McTray.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  2. 2010/12/14
    Buddie

    Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/13/2010 11:05:26 AM
    mbam-log-2010-12-13 (11-05-26).txt

    Scan type: Quick scan
    Objects scanned: 192502
    Time elapsed: 3 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Cheryl\local settings\application data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     


  4. 2010/12/14
    Buddie

    DDS Logs:



    DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
    Run by Ryan at 9:55:53.18 on Tue 12/14/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.781 [GMT -5:00]

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\InterAct\Gaming Devices\JoyAct.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Documents and Settings\Ryan\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.gty.org/
    uWindow Title = Microsoft Internet Explorer
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\ryan\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\joyact.lnk - c:\program files\interact\gaming devices\JoyAct.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-4 340592]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
    S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
    S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-2-4 67904]
    S2 svcboot_cvgmj;svcboot_cvgmj;c:\windows\system32\svchost.exe -k svcboot_cvgmj [2004-8-4 14336]
    S3 IAI3300FilterService;IAI3300 Filter Service;c:\windows\system32\drivers\IAI3300.sys [2009-10-30 12124]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-4 90360]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-4 42424]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-2-4 64432]

    =============== Created Last 30 ================

    2010-12-13 15:49:40 -------- d-----w- c:\docume~1\ryan\applic~1\Malwarebytes
    2010-12-13 15:49:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-13 15:49:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-13 15:49:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 15:49:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-03 23:25:28 -------- d-----w- c:\docume~1\ryan\locals~1\applic~1\Help
    2010-12-03 23:15:57 -------- d-----w- c:\program files\Bitmap2LCD BASIC V1_8

    ==================== Find3M ====================

    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

    ============= FINISH: 9:59:36.34 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/4/2009 5:21:07 AM
    System Uptime: 12/14/2010 9:51:02 AM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0C2425
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 293.002 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Service: bcm4sbxp

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acronis True Image Workstation
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    BASIC Stamp Editor v2.4.2
    Bitmap2LCD BASIC Edition V1.8
    Broadcom 440x 10/100 Integrated Controller
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 1.0
    Canon MX700 series
    Canon MX700 series User Registration
    Chinese Traditional Fonts Support For Adobe Reader 9
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    CyberLink PhotoNow
    CyberLink PowerDirector
    Dell Photo Printer 720
    DiskeeperWorkstation
    Gaming Devices
    Garmin USB Drivers
    Garmin WebUpdater
    GolfLogix Course Manager 3.7
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics Driver
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    McAfee Agent
    McAfee VirusScan Enterprise
    MeterBasic
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MPLAB Tools v8.20
    MPLAB Tools v8.36
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NoteWorthy Composer 2 Viewer
    PICkit 2 v2.61
    PicLoops v2.2
    PL-2303 USB-to-Serial
    PowerDVD
    Propeller Tool v1.2.5
    QuickTime
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmartSound Quicktracks Plugin
    Sony Picture Utility
    Sony USB Driver
    Sound Blaster Live!
    SoundMAX
    Spybot - Search & Destroy
    Student Management System
    SX-Key Editor v3.2.92h BETA
    System Requirements Lab
    The Rosetta Stone
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
    Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip

    ==== Event Viewer Messages From Past Week ========

    12/13/2010 5:44:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/13/2010 5:44:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/13/2010 11:08:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    12/13/2010 11:07:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2010 11:07:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/13/2010 11:05:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service gusvc with arguments " " in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    12/13/2010 10:50:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments " " in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
    12/13/2010 10:45:35 AM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
    12/13/2010 10:12:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    12/12/2010 6:44:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 5:34:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/11/2010 11:51:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk
    12/11/2010 10:42:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    12/11/2010 10:42:50 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
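The Service Control Manager events quoted above are a cascade: one event 7026 names the boot-start drivers that never loaded, and each 7001 event blames a dependency that itself failed. As an added example (not part of the thread), the script below parses sample lines constructed from that excerpt and walks every 7001 failure back to its root driver; the display-name-to-key-name table (e.g. "TCP/IP Protocol Driver" to Tcpip) is an assumption drawn from the names in the excerpt.

```python
"""Reduce an SCM failure cascade to its root causes (added example, not from the thread)."""
import re
from collections import defaultdict

EVENT_RE = re.compile(
    r"^(?P<ts>.+?), (?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$"
)
FAILED_LOAD = "failed to load: "

# Display name -> service key name for the dependencies named in the excerpt.
# Assumed mapping (XP default display names); extend it for other logs.
DISPLAY_TO_KEY = {
    "TCP/IP Protocol Driver": "Tcpip",
    "NetBios over Tcpip": "NetBT",
    "IPSEC driver": "IPSec",
    "Microsoft IPv6 Protocol Driver": "Tcpip6",
    "McAfee Inc. mfehidk": "mfehidk",
}

# Constructed sample, copied in the format of the event log excerpt in the post.
SAMPLE_EVENTS = """\
12/13/2010 10:12:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/12/2010 6:44:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6
12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/12/2010 6:44:19 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
"""


def parse_events(text):
    """Yield (event_id, message) for well-formed SCM lines; other sources are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m and m.group("source") == "Service Control Manager":
            yield int(m.group("id")), m.group("msg")


def failed_boot_drivers(text):
    """Drivers named by event 7026 (boot-start / system-start load failures)."""
    drivers = set()
    for event_id, msg in parse_events(text):
        if event_id == 7026 and FAILED_LOAD in msg:
            drivers.update(msg.split(FAILED_LOAD, 1)[1].split())
    return drivers


def dependency_edges(text):
    """Map each service in a 7001 event to the dependency it blamed."""
    edges = {}
    for event_id, msg in parse_events(text):
        m = DEPENDS_RE.match(msg) if event_id == 7001 else None
        if m:
            edges[m.group("svc")] = m.group("dep")
    return edges


def root_cause(service, edges):
    """Follow 'depends on' links until a dependency with no failure of its own."""
    seen = {service}
    cur = service
    while cur in edges and edges[cur] not in seen:  # seen-set guards against cycles
        cur = edges[cur]
        seen.add(cur)
    return DISPLAY_TO_KEY.get(cur, cur)


def group_by_root(text):
    """Return {root driver: sorted services it took down}; roots missing from the
    7026 list are kept too, which flags a dependency the alias table does not know."""
    edges = dependency_edges(text)
    roots = defaultdict(list)
    for svc in edges:
        roots[root_cause(svc, edges)].append(svc)
    return {root: sorted(svcs) for root, svcs in roots.items()}


if __name__ == "__main__":
    confirmed = failed_boot_drivers(SAMPLE_EVENTS)
    for root, svcs in sorted(group_by_root(SAMPLE_EVENTS).items()):
        tag = "in 7026 list" if root in confirmed else "NOT in 7026 list"
        print(f"{root:10} ({tag}): {', '.join(svcs)}")
```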
     
  5. 2010/12/14
    broni

    broni Moderator Malware Analyst

    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. 2010/12/15
    Buddie

    Buddie Inactive Thread Starter

    Thank you for helping me.

    I ran the .exe, but it didn't find anything. The log is posted below.

    P.S. I have been running these scans on a different user than the virus was originally noticed on, because that user has disappeared! Also, that user was a limited account.


    2010/12/15 08:51:55.0187 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/15 08:51:55.0187 ================================================================================
    2010/12/15 08:51:55.0187 SystemInfo:
    2010/12/15 08:51:55.0187
    2010/12/15 08:51:55.0187 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/15 08:51:55.0187 Product type: Workstation
    2010/12/15 08:51:55.0187 ComputerName: SCHOOLROOM
    2010/12/15 08:51:55.0187 UserName: Ryan
    2010/12/15 08:51:55.0187 Windows directory: C:\WINDOWS
    2010/12/15 08:51:55.0187 System windows directory: C:\WINDOWS
    2010/12/15 08:51:55.0187 Processor architecture: Intel x86
    2010/12/15 08:51:55.0187 Number of processors: 1
    2010/12/15 08:51:55.0187 Page size: 0x1000
    2010/12/15 08:51:55.0187 Boot type: Normal boot
    2010/12/15 08:51:55.0187 ================================================================================
    2010/12/15 08:51:55.0390 Initialize success
    2010/12/15 08:52:29.0625 ================================================================================
    2010/12/15 08:52:29.0625 Scan started
    2010/12/15 08:52:29.0625 Mode: Manual;
    2010/12/15 08:52:29.0625 ================================================================================
    2010/12/15 08:52:44.0187 ================================================================================
    2010/12/15 08:52:44.0187 Scan finished
    2010/12/15 08:52:44.0187 ================================================================================
    2010/12/15 08:54:01.0296 ================================================================================
    2010/12/15 08:54:01.0296 Scan started
    2010/12/15 08:54:01.0296 Mode: Manual;
    2010/12/15 08:54:01.0296 ================================================================================
    2010/12/15 08:54:10.0203 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/15 08:54:10.0265 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/15 08:54:10.0328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/15 08:54:10.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/15 08:54:10.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/15 08:54:10.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/15 08:54:10.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/15 08:54:10.0640 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/15 08:54:10.0718 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/15 08:54:10.0859 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/15 08:54:10.0921 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    2010/12/15 08:54:11.0000 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    2010/12/15 08:54:11.0046 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/15 08:54:11.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/15 08:54:11.0187 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/15 08:54:11.0312 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/12/15 08:54:11.0390 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/12/15 08:54:11.0453 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
    2010/12/15 08:54:11.0515 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    2010/12/15 08:54:11.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/15 08:54:11.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/15 08:54:11.0781 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/15 08:54:11.0859 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/12/15 08:54:11.0921 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/12/15 08:54:12.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/15 08:54:12.0062 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/15 08:54:12.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/15 08:54:12.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/15 08:54:12.0437 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2010/12/15 08:54:12.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/15 08:54:12.0562 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/15 08:54:12.0625 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/15 08:54:12.0703 tifsfilter (1ad143f1779f87996b20979cf4b48714) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    2010/12/15 08:54:12.0765 timounter (64694b2a5c772e1c61feac300ed90ca6) C:\WINDOWS\system32\DRIVERS\timntr.sys
    2010/12/15 08:54:12.0875 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2010/12/15 08:54:12.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/15 08:54:13.0031 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/15 08:54:13.0125 USB28xxBGA (9be2c659ca510d905cbe2b9f1f84e728) C:\WINDOWS\system32\DRIVERS\emBDA.sys
    2010/12/15 08:54:13.0171 USB28xxOEM (3f90a05fbbc1649f33889b5ddbdea167) C:\WINDOWS\system32\DRIVERS\emOEM.sys
    2010/12/15 08:54:13.0234 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/15 08:54:13.0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/15 08:54:13.0359 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/15 08:54:13.0421 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/15 08:54:13.0500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/15 08:54:13.0562 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/15 08:54:13.0625 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/15 08:54:13.0687 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/15 08:54:13.0781 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/15 08:54:13.0875 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/15 08:54:13.0953 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/12/15 08:54:14.0046 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/15 08:54:14.0203 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/12/15 08:54:14.0265 Wpsnuio (6b579993e3c456b1d1043e58b5069663) C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
    2010/12/15 08:54:14.0359 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/12/15 08:54:14.0437 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/15 08:54:14.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/15 08:54:14.0859 ================================================================================
    2010/12/15 08:54:14.0859 Scan finished
    2010/12/15 08:54:14.0859 ================================================================================
     
  7. 2010/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/12/15
    Buddie

    Buddie Inactive Thread Starter

    Joined:
    2010/12/13
    Messages:
    10
    Likes Received:
    0
    I ran combofix. It wanted to install the recovery console but could not because the virus had deleted my internet connection. The log is posted below. My computer seems much better now. The desktop is back to the normal look, the missing users have reappeared, the virus scanner works now, the firewall works, and the internet works.


    ComboFix 10-12-15.04 - Ryan 12/15/2010 20:43:05.1.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.784 [GMT -5:00]
    Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\1244108.dll
    c:\windows\system32\Data
    c:\windows\system32\zlibwapi.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
    .

    2010-12-13 15:49 . 2010-12-13 15:49 -------- d-----w- c:\documents and settings\Ryan\Application Data\Malwarebytes
    2010-12-13 15:49 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-13 15:49 . 2010-12-13 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-13 15:49 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 15:49 . 2010-12-13 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-04 15:46 . 2010-12-04 15:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-03 23:25 . 2010-12-03 23:25 -------- d-----w- c:\documents and settings\Ryan\Local Settings\Application Data\Help
    2010-12-03 23:15 . 2010-12-03 23:16 -------- d-----w- c:\program files\Bitmap2LCD BASIC V1_8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-06 15:34 . 2009-11-04 01:22 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
    2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "IJNetworkScanUtility "= "c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    c:\documents and settings\Ryan\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-5-4 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    JoyAct.lnk - c:\program files\InterAct\Gaming Devices\JoyAct.exe [2009-10-30 299008]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
    "c:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImage.exe "=
    "c:\\Program Files\\GolfLogix\\CourseManager\\CourseManager.exe "=
    "c:\\WINDOWS\\system32\\dpnsvr.exe "=
    "c:\\WINDOWS\\system32\\dxdiag.exe "=
    "c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8080:TCP "= 8080:TCP:Spanish
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
    R3 IAI3300FilterService;IAI3300 Filter Service;c:\windows\system32\DRIVERS\IAI3300.sys [2001-01-12 12124]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
    S2 svcboot_cvgmj;svcboot_cvgmj;c:\windows\system32\svchost.exe [2008-04-14 14336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    svcboot_cvgmj REG_MULTI_SZ svcboot_cvgmj
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:11]

    2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.gty.org/
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-15 20:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\NETUI2.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL

    - - - - - - - > 'explorer.exe'(3496)
    c:\windows\system32\sbcmtc\shim_ksobgi.dll
    c:\windows\system32\sbcmtc\mcapp_zeqgvt.dll
    c:\windows\system32\sbcmtc\mcsc_uqbpfh.dll
    c:\windows\system32\sbcmtc\mcie_sociha.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Executive Software\DiskeeperWorkstation\DKService.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\tcpsvcs.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\logonui.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-15 21:08:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-16 02:08

    Pre-Run: 314,535,337,984 bytes free
    Post-Run: 314,441,625,600 bytes free

    - - End Of File - - 248FADA17DAFCD110DCE920E4561400F
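    The log above shows the pattern that marks this infection: a service named svcboot_cvgmj whose display name is identical to its service name, running inside svchost.exe as the sole member of an svchost group of the same name, alongside EnableFirewall = 0 in the standard profile. As an added example (not part of the thread and not a ComboFix feature), this Python script parses those ComboFix sections from a constructed excerpt and flags that pattern; the self-named-group rule is a triage heuristic assumed here, not something the thread states.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in ComboFix's log format. The service, svchost-group and
# firewall lines are the ones that appear in the log posted above.
SAMPLE_LOG_LINES = [
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]',
    r'"EnableFirewall"= 0 (0x0)',
    r'"DisableNotifications"= 1 (0x1)',
    r'',
    r'R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]',
    r'S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]',
    r'S2 svcboot_cvgmj;svcboot_cvgmj;c:\windows\system32\svchost.exe [2008-04-14 14336]',
    r'',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]',
    r'p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc',
    r'svcboot_cvgmj REG_MULTI_SZ svcboot_cvgmj',
]

# "R2 name;display name;image path [date size]" -- the date/size suffix is optional.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[.*\])?$')
# "group REG_MULTI_SZ member1 member2 ..." inside the svchost registry key.
GROUP_RE = re.compile(r'^(\S+)\s+REG_MULTI_SZ\s+(.*)$')
# Tolerates the stray space before the closing quote that forum extraction adds.
FIREWALL_RE = re.compile(r'^"EnableFirewall\s*"\s*=\s*(\d+)', re.IGNORECASE)


@dataclass
class Service:
    state: str     # R = running, S = stopped, followed by the start-type digit
    name: str
    display: str
    image: str


@dataclass
class Parsed:
    services: List[Service] = field(default_factory=list)
    groups: Dict[str, List[str]] = field(default_factory=dict)  # lower-cased group -> members
    firewall_enabled: Optional[bool] = None


def parse_combofix(lines):
    """Extract services, svchost groups and the firewall flag from ComboFix log lines."""
    parsed = Parsed()
    in_svchost_key = False
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith('['):
            # A registry key header; only the svchost key holds REG_MULTI_SZ group lines.
            in_svchost_key = line.lower().endswith(r'\svchost]')
            continue
        m = FIREWALL_RE.match(line)
        if m:
            parsed.firewall_enabled = m.group(1) != '0'
            continue
        if in_svchost_key:
            m = GROUP_RE.match(line)
            if m:
                parsed.groups[m.group(1).lower()] = m.group(2).split()
            continue
        m = SERVICE_RE.match(line)
        if m:
            parsed.services.append(Service(*(g.strip() for g in m.groups())))
    return parsed


def find_suspicious(parsed):
    """Apply two triage rules (an assumption of this example, not a ComboFix feature)."""
    findings = []
    if parsed.firewall_enabled is False:
        findings.append('firewall: EnableFirewall=0 in the standard profile')
    for svc in parsed.services:
        if not svc.image.lower().endswith('\\svchost.exe'):
            continue
        members = parsed.groups.get(svc.name.lower())
        if members is None:
            continue
        # Legitimate svchost-hosted services carry a descriptive display name and
        # normally share a group; a service that is the only member of a group named
        # after itself, with display name == service name, is the pattern seen above.
        sole_member = len(members) == 1 and members[0].lower() == svc.name.lower()
        if sole_member and svc.display == svc.name:
            findings.append(f'service {svc.name}: hosted by svchost.exe as the sole '
                            f'member of a self-named svchost group')
    return findings


if __name__ == '__main__':
    for finding in find_suspicious(parse_combofix(SAMPLE_LOG_LINES)):
        print(finding)
```

The rule deliberately ignores groups with several members (p2psvc above) and services with a descriptive display name, so stock XP services hosted by svchost.exe are not reported.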
     
  9. 2010/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Combofix log looks good now :)

    Please, re-run Combofix, allow recovery console installation and post fresh log.
     
  10. 2010/12/16
    Buddie

    Buddie Inactive Thread Starter

    Joined:
    2010/12/13
    Messages:
    10
    Likes Received:
    0
    Combofix ran successfully. Log posted below.


    ComboFix 10-12-15.07 - Ryan 12/16/2010 10:09:00.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.479 [GMT -5:00]
    Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\sbcmtc\ccp_dgddyd.dll
    c:\windows\system32\sbcmtc\dprx_ekvdcc.dll
    c:\windows\system32\sbcmtc\mca_lrvzlo.dll
    c:\windows\system32\sbcmtc\mcapp_zeqgvt.dll
    c:\windows\system32\sbcmtc\mcff_qfkebs.dll
    c:\windows\system32\sbcmtc\mclmd_ugeefg.dll
    c:\windows\system32\sbcmtc\mcmsg_bjvslh.dll
    c:\windows\system32\sbcmtc\mcoexp_gedeh.dll
    c:\windows\system32\sbcmtc\mcy_vwpqoc.dll
    c:\windows\system32\sbcmtc\Proxy.dll
    c:\windows\system32\sbcmtc\shim_ksobgi.dll
    c:\windows\system32\sbcmtc\svcboot_cvgmj.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_svcboot_cvgmj
    -------\Service_svcboot_cvgmj


    ((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
    .

    2010-12-13 15:49 . 2010-12-13 15:49 -------- d-----w- c:\documents and settings\Ryan\Application Data\Malwarebytes
    2010-12-13 15:49 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-13 15:49 . 2010-12-13 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-13 15:49 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 15:49 . 2010-12-13 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-04 15:46 . 2010-12-04 15:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-03 23:25 . 2010-12-03 23:25 -------- d-----w- c:\documents and settings\Ryan\Local Settings\Application Data\Help
    2010-12-03 23:15 . 2010-12-03 23:16 -------- d-----w- c:\program files\Bitmap2LCD BASIC V1_8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-06 15:34 . 2009-11-04 01:22 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
    2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "IJNetworkScanUtility "= "c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]

    c:\documents and settings\Ryan\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-5-4 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    JoyAct.lnk - c:\program files\InterAct\Gaming Devices\JoyAct.exe [2009-10-30 299008]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
    "c:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImage.exe "=
    "c:\\Program Files\\GolfLogix\\CourseManager\\CourseManager.exe "=
    "c:\\WINDOWS\\system32\\dpnsvr.exe "=
    "c:\\WINDOWS\\system32\\dxdiag.exe "=
    "c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8080:TCP "= 8080:TCP:Spanish
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/4/2009 3:05 PM 67904]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:11 PM 135664]
    S3 IAI3300FilterService;IAI3300 Filter Service;c:\windows\system32\drivers\IAI3300.sys [10/30/2009 5:14 PM 12124]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/4/2009 3:05 PM 64432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    svcboot_cvgmj REG_MULTI_SZ svcboot_cvgmj
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:11]

    2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.gty.org/
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-16 10:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2036)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Executive Software\DiskeeperWorkstation\DKService.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\tcpsvcs.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\McAfee\Common Framework\McTray.exe
    c:\windows\system32\logonui.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-16 10:43:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-16 15:43
    ComboFix2.txt 2010-12-16 02:08

    Pre-Run: 314,497,912,832 bytes free
    Post-Run: 314,414,141,440 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - D5A7676B4DF26B2AD0F764E918AA2F50
     
  11. 2010/12/16
    broni Moderator Malware Analyst
    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/12/16
    Buddie Inactive Thread Starter
    I ran the OTL. Here are the logs.

    OTL:


    OTL logfile created on: 12/16/2010 9:47:35 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Ryan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 441.00 Mb Available Physical Memory | 43.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 292.80 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

    Computer Name: SCHOOLROOM | User Name: Ryan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/05 16:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
    PRC - [2009/02/05 21:27:21 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008/09/29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008/09/29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008/03/14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2008/03/14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2007/05/21 03:37:35 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    PRC - [2007/01/31 13:01:32 | 000,407,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2007/01/15 12:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PRC - [2001/08/31 15:23:12 | 000,253,952 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    PRC - [2001/02/26 11:32:20 | 000,299,008 | ---- | M] (InterAct Accessories Incorporation) -- C:\Program Files\InterAct\Gaming Devices\JoyAct.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/05 16:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007/01/31 13:01:32 | 000,407,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2001/08/31 15:23:12 | 000,253,952 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe -- (Diskeeper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/06 10:34:18 | 000,013,696 | ---- | M] (Skyhook Wireless) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
    DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/02/04 20:12:32 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/02/04 20:12:32 | 000,039,712 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2009/02/04 20:12:28 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/12/10 13:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/09/29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/09/29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008/09/29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008/09/29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008/09/29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/09/29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/03/13 08:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2008/03/13 08:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2007/01/15 12:20:32 | 000,006,784 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
    DRV - [2006/09/20 15:57:26 | 000,337,408 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/08/14 10:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2001/01/12 13:49:38 | 000,012,124 | ---- | M] (InterAct Accessories Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IAI3300.sys -- (IAI3300FilterService)
    DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gty.org/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    O1 HOSTS File: ([2010/12/16 10:34:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\JoyAct.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe (InterAct Accessories Incorporation)
    O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/04 05:18:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/16 21:44:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
    [2010/12/16 10:13:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/12/16 10:05:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/15 20:39:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/15 20:39:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/15 20:39:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/15 20:39:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/15 20:39:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/15 20:30:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/15 08:51:52 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\Desktop\TDSSKiller.exe
    [2010/12/13 10:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
    [2010/12/13 10:49:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/13 10:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/13 10:49:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/13 10:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/13 10:44:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\TFC.exe
    [2010/12/13 10:44:53 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/11 13:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\backups
    [2010/12/11 12:13:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Documents\HijackThis.exe
    [2010/12/11 12:09:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ryan\My Documents\HijackThis.exe
    [2010/12/03 18:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Bitmap2LCD inits
    [2010/12/03 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bitmap2LCD BASIC V1_8
    [2009/02/06 11:07:57 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [10 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/16 21:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/16 21:33:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/16 10:34:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/16 10:34:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/16 10:34:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/16 10:15:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/16 10:05:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/16 10:02:29 | 003,992,805 | R--- | M] () -- C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
    [2010/12/15 21:11:52 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/12/15 14:51:00 | 000,001,284 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to DSC00595.JPG.lnk
    [2010/12/15 14:51:00 | 000,001,284 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to DSC00594.JPG.lnk
    [2010/12/15 14:51:00 | 000,001,284 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to DSC00593.JPG.lnk
    [2010/12/13 10:49:27 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/13 10:44:44 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to TFC.exe.lnk
    [2010/12/13 10:38:30 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\i80kdbwh.exe
    [2010/12/12 07:47:26 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\dds.scr
    [2010/12/11 17:38:59 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/12/11 15:52:07 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/11 12:09:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ryan\My Documents\HijackThis.exe
    [2010/12/11 12:09:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Documents\HijackThis.exe
    [2010/12/11 12:09:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/11 11:51:29 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/12/11 10:53:33 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/11 10:53:33 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/10 14:31:17 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/12/09 16:45:36 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\~$ prepare fajitas.doc
    [2010/12/09 16:04:11 | 000,007,811 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Play_DVD.asm
    [2010/12/09 16:04:11 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Play_DVD.doc
    [2010/12/09 15:57:17 | 000,009,270 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Play_DVD.bmp
    [2010/12/09 15:10:14 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Welcome_Screen.TSC
    [2010/12/09 15:06:52 | 000,009,270 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Main_Menu.bmp
    [2010/12/09 15:06:23 | 000,009,270 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Main_Menu(1).bmp
    [2010/12/09 14:52:19 | 000,007,811 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Welcome_Screen.asm
    [2010/12/09 14:52:19 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Welcome_Screen.doc
    [2010/12/09 14:48:59 | 000,009,270 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Welcome_Screen.bmp
    [2010/12/09 14:43:40 | 000,001,716 | -H-- | M] () -- C:\Documents and Settings\Ryan\My Documents\Default.rdp
    [2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\Desktop\TDSSKiller.exe
    [2010/12/08 07:16:06 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/07 15:05:17 | 000,024,580 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
    [2010/12/06 18:04:45 | 000,007,803 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.asm
    [2010/12/06 18:04:45 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.doc
    [2010/12/06 18:03:40 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Remote.bmp
    [2010/12/03 18:36:45 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.bmp
    [2010/12/03 18:34:16 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\untitled1.ICO
    [2010/12/03 18:33:14 | 001,108,414 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\untitled1.bmp
    [2010/12/03 18:30:22 | 000,030,094 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.h
    [2010/12/03 18:14:00 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._setup_bitmap2lcd_basic_v1_8d.exe
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [10 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/16 10:05:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/16 10:05:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/15 20:39:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/15 20:39:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/15 20:39:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/15 20:39:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/15 20:39:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/15 20:30:02 | 003,992,805 | R--- | C] () -- C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
    [2010/12/15 14:51:00 | 000,001,284 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to DSC00595.JPG.lnk
    [2010/12/15 14:51:00 | 000,001,284 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to DSC00594.JPG.lnk
    [2010/12/15 14:51:00 | 000,001,284 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to DSC00593.JPG.lnk
    [2010/12/13 10:49:27 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/13 10:44:54 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\dds.scr
    [2010/12/13 10:44:54 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\i80kdbwh.exe
    [2010/12/13 10:44:54 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\MBRCheck.exe
    [2010/12/13 10:44:44 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to TFC.exe.lnk
    [2010/12/11 11:51:29 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/12/09 16:04:11 | 000,007,811 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Play_DVD.asm
    [2010/12/09 16:04:11 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Play_DVD.doc
    [2010/12/09 15:52:57 | 000,009,270 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Play_DVD.bmp
    [2010/12/09 15:10:14 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Welcome_Screen.TSC
    [2010/12/09 15:06:22 | 000,009,270 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Main_Menu(1).bmp
    [2010/12/09 15:03:10 | 000,009,270 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Main_Menu.bmp
    [2010/12/09 14:47:23 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Welcome_Screen.doc
    [2010/12/09 14:47:21 | 000,007,811 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Welcome_Screen.asm
    [2010/12/09 14:41:34 | 000,009,270 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Welcome_Screen.bmp
    [2010/12/06 17:56:14 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Remote.bmp
    [2010/12/04 09:13:42 | 000,007,803 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.asm
    [2010/12/03 18:36:45 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.bmp
    [2010/12/03 18:34:16 | 000,004,286 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\untitled1.ICO
    [2010/12/03 18:33:14 | 001,108,414 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\untitled1.bmp
    [2010/12/03 18:30:04 | 000,030,094 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.h
    [2010/12/03 18:30:04 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\NewBitmap.doc
    [2010/12/03 18:13:58 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._setup_bitmap2lcd_basic_v1_8d.exe
    [2010/03/23 12:57:30 | 000,014,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
    [2009/10/30 17:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JoyAct.INI
    [2009/09/20 15:11:22 | 000,000,292 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2009/09/02 10:06:59 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPBootLdrport.txt
    [2009/08/10 05:38:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
    [2009/08/10 05:02:44 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
    [2009/05/04 07:51:59 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2009/03/30 13:36:01 | 000,038,466 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Comma Separated Values (Windows).ADR
    [2009/03/30 13:24:57 | 000,038,462 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Comma Separated Values (DOS).ADR
    [2009/03/02 16:19:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
    [2009/02/23 11:43:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/02/06 11:08:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2009/02/06 11:08:45 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2009/02/06 11:07:57 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2009/02/06 11:07:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/02/06 11:07:55 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2009/02/06 11:07:49 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2009/02/06 11:07:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2009/02/05 21:39:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2009/02/04 14:58:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/02/04 00:09:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/02/05 03:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2009/02/05 13:47:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/09/30 11:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/05/13 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/07/07 10:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2009/02/05 20:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2009/12/12 16:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Canon
    [2010/09/11 15:40:09 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Ryan\Application Data\Microchip

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < \*.* %systemroot%\winn32\*.* %systemroot%\Java\*.* %systemroot%\system32\test\*.* %systemroot%\system32\Rundll32\*.* %systemroot%\AppPatch\Custom\*.* %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x %PROGRAMFILES%\PC-Doctor\Downloads\*.* %PROGRAMFILES%\Internet Explorer\*.tmp %PROGRAMFILES%\Internet Explorer\*.dat %USERPROFILE%\My Documents\*.exe %USERPROFILE%\*.exe %systemroot%\ADDINS\*.* %systemroot%\assembly\*.bak2 %systemroot%\Config\*.* %systemroot%\REPAIR\*.bak2 %systemroot%\SECURITY\Database\*.sdb /x %systemroot%\SYSTEM\*.bak2 %systemroot%\Web\*.bak2 %systemroot%\Driver Cache\*.* %PROGRAMFILES%\Mozilla Firefox\0*.exe %ProgramFiles%\Microsoft Common\*.* %ProgramFiles%\TinyProxy. %USERPROFILE%\Favorites\*.url /x %systemroot%\system32\*.bk %systemroot%\*.te %systemroot%\system32\system32\*.* %ALLUSERSPROFILE%\*.dat /x %systemroot%\system32\drivers\*.rmv dir /b "%systemroot%\system32\*.exe" | find /i " " /c dir /b "%systemroot%\*.exe" | find /i " " /c %PROGRAMFILES%\Microsoft\*.* %systemroot%\System32\W >

    < bem\proquota.exe %PROGRAMFILES%\Mozilla Firefox\*.dat %USERPROFILE%\Cookies\*.txt /x %SystemRoot%\system32\fonts\*.* %systemroot%\system32\winlog\*.* %systemroot%\system32\Language\*.* %systemroot%\system32\Settings\*.* %systemroot%\system32\*.quo %SYSTEMROOT%\AppPatch\*.exe %SYSTEMROOT%\inf\*.exe %SYSTEMROOT%\Installer\*.exe %systemroot%\system32\config\*.bak2 %systemroot%\system32\Computers\*.* %SystemRoot%\system32\Sound\*.* %SystemRoot%\system32\SpecialImg\*.* %SystemRoot%\system32\code\*.* %SystemRoot%\system32\draft\*.* %SystemRoot%\system32\MSSSys\*.* %ProgramFiles%\Javascript\*.* %systemroot%\pchealth\helpctr\System\*.exe /s %systemroot%\Web\*.exe %systemroot%\system32\msn\*.* %systemroot%\system32\*.tro %AppData%\Microsoft\Installer\msupdates\*.* %ProgramFiles%\Messenger\*.* %systemroot%\system32\systhem32\*.* %systemroot%\system\*.exe HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results >


    < End of report >


    Extras:


    OTL Extras logfile created on: 12/16/2010 9:47:35 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Ryan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 441.00 Mb Available Physical Memory | 43.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 292.80 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

    Computer Name: SCHOOLROOM | User Name: Ryan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "8080:TCP" = 8080:TCP:*:Enabled:Spanish
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Acronis\TrueImageWorkstation\TrueImage.exe" = C:\Program Files\Acronis\TrueImageWorkstation\TrueImage.exe:*:Enabled:Acronis True Image -- (Acronis)
    "C:\Program Files\GolfLogix\CourseManager\CourseManager.exe" = C:\Program Files\GolfLogix\CourseManager\CourseManager.exe:*:Enabled:GolfLogix Course Manager -- ()
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe" = C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator X -- (Microsoft Corp.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2545228C-6A70-4A01-B936-6DA77984D298}" = Acronis*True*Image*Workstation
    "{2818ADC7-C1FB-40A8-BE6B-36B62682E9E8}" = PICkit 2 v2.61
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E542F9-1CDE-4839-989D-D77ADB84307E}" = PicLoops v2.2
    "{38D68900-ACBC-11D4-B8A3-0050DA91CD36}" = Gaming Devices
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5FC28A48-4C11-4602-AA2A-377B1D44A826}" = MPLAB Tools v8.20
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D9E91AD3-BE99-48C8-A479-F6259D015DBC}" = SX-Key Editor v3.2.92h BETA
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DF455F10-786F-41E4-805D-0CB59063FC9E}" = DiskeeperWorkstation
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E412835B-DEEC-41AC-8997-9133FBB090D5}" = Propeller Tool v1.2.5
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{FF5532E8-1B92-473D-892B-F14E34C87E97}" = BASIC Stamp Editor v2.4.2
    "00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
    "A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Bitmap2LCD BASIC Edition V1.8_is1" = Bitmap2LCD BASIC Edition V1.8
    "Canon MX700 series User Registration" = Canon MX700 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "Dell Photo Printer 720" = Dell Photo Printer 720
    "F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
    "GolfLogix Course Manager_is1" = GolfLogix Course Manager 3.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "InstallShield_{5FC28A48-4C11-4602-AA2A-377B1D44A826}" = MPLAB Tools v8.20
    "InstallShield_{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MeterBasic" = MeterBasic
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NoteWorthy Composer 2 Viewer" = NoteWorthy Composer 2 Viewer
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "Student Management System" = Student Management System
    "SystemRequirementsLab" = System Requirements Lab
    "The Rosetta Stone" = The Rosetta Stone
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/16/2010 7:09:41 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 7:09:41 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 8:12:22 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 8:12:22 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 8:40:41 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 8:40:41 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 9:43:22 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 9:43:22 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 10:11:41 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 12/16/2010 10:11:41 PM | Computer Name = SCHOOLROOM | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 12/15/2010 9:51:34 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 12/15/2010 9:51:34 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error - 12/15/2010 9:51:42 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 12/15/2010 9:51:45 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/15/2010 9:51:45 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 12/15/2010 9:53:48 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 12/15/2010 9:54:23 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 12/15/2010 9:54:43 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/15/2010 3:48:31 PM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 12/16/2010 3:14:06 AM | Computer Name = SCHOOLROOM | Source = DCOM | ID = 10010
    Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register
    with DCOM within the required timeout.


    < End of report >
     
  13. 2010/12/16
    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
      [10 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]
      [2010/03/23 12:57:30 | 000,014,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
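Two items in this thread are the kind an analyst picks out of an OTL report by eye: the `-HS-` (hidden + system) file dropped in the all-users Application Data folder that the fix script above targets, and the Extras log's firewall exception `8080:TCP:*:Enabled:Spanish`, a port opened to any address under a name that is not a Windows resource string. The script below is an added example, not OTL's or the forum's code; it parses those two OTL line formats from constructed sample lines in the report's format and lists both for review. The regular expressions, the shared-folder list and the small allowlist of Windows' own peer-networking exception names are assumptions drawn from the lines in this thread (the forum's smiley filter rendered the `@` in `@xpsp2res.dll` as `:mad:` in the posted log).

```python
"""Triage of OTL report lines: an added example, not OTL's or the forum's code.

Two things an analyst reading an OTL report checks by eye, done here over
constructed sample lines that copy the report's line formats:

  1. "Files Created" entries whose attribute column carries both H (hidden)
     and S (system) for a plain file (no D) under the all-users data folder,
     which is how the Mh3jm32txN entry targeted by the fix script stands out;
  2. Windows Firewall GloballyOpenPorts entries that are Enabled, scoped to
     any address ("*"), and described by free text instead of a Windows
     resource string ("@xpsp2res.dll,-NNNNN"), as with "8080:TCP ... Spanish".

Both are review lists, not verdicts: every hit still needs a human look.
"""
import re
from dataclasses import dataclass

# [date time | size | attrs | op] (company) -- path   ("(company)" is absent on LOP lines)
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[A-Z])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "port:proto" = port:proto:scope:state:description
PORT_LINE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)

# Shared per-machine data folders (XP and Vista+ names, an assumption for this
# example); every account can write there, so droppers favour them.
SHARED_DATA_ROOTS = (
    r"c:\documents and settings\all users\application data",
    r"c:\programdata",
)

# Free-text descriptions used by Windows' own peer-networking exceptions in this
# report; compared case-insensitively because the log shows "peer Name...".
KNOWN_WINDOWS_DESCRIPTIONS = {
    "windows peer-to-peer grouping",
    "peer name resolution protocol (pnrp)",
}


@dataclass
class Finding:
    kind: str
    detail: str


def hidden_system_files(lines):
    """Paths of plain files with both H and S attributes under a shared data root."""
    hits = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if ("H" in attrs and "S" in attrs and "D" not in attrs
                and path.lower().startswith(SHARED_DATA_ROOTS)):
            hits.append(path)
    return hits


def suspicious_port_exceptions(lines):
    """(port:proto, description) for enabled, any-address exceptions with a free-text name."""
    hits = []
    for line in lines:
        m = PORT_LINE.match(line.strip())
        if not m or m.group("state") != "Enabled" or m.group("scope") != "*":
            continue
        desc = m.group("desc")
        if desc.startswith("@") or desc.lower() in KNOWN_WINDOWS_DESCRIPTIONS:
            continue  # localized Windows resource string or a known Windows entry
        hits.append((f"{m.group('port')}:{m.group('proto')}", desc))
    return hits


def triage(file_lines, port_lines):
    """Combine both checks into one review list."""
    findings = [Finding("hidden+system file in shared data folder", p)
                for p in hidden_system_files(file_lines)]
    findings += [Finding("firewall exception open to any address", f"{pp} ({d})")
                 for pp, d in suspicious_port_exceptions(port_lines)]
    return findings


# Constructed sample lines in the report's formats (not a full OTL log).
SAMPLE_FILES = r"""
[2010/12/16 10:05:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/03/23 12:57:30 | 000,014,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
[2010/12/03 18:13:58 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._setup_bitmap2lcd_basic_v1_8d.exe
[2010/09/11 15:40:09 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Ryan\Application Data\Microchip
""".strip().splitlines()

SAMPLE_PORTS = r"""
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8080:TCP" = 8080:TCP:*:Enabled:Spanish
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_FILES, SAMPLE_PORTS):
        print(f"{f.kind}: {f.detail}")
```

Run against the sample lines it reports only the Mh3jm32txN file and the 8080/TCP exception: C:\cmldr is also hidden+system but sits at the drive root (it is ComboFix's own boot loader), and the RDP exception on 3389 is open to any address but carries the standard `@xpsp2res.dll` resource reference, so neither is listed. Whether 8080/TCP "Spanish" is an unwanted hole is for the person doing the cleanup to decide; the point is that the report already contains the fields needed to surface it.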
     
  14. 2010/12/17
    Buddie Inactive Thread Starter

    I have run the scans. Eset did not find anything. The logs are posted below. The tray icon for my anti-virus disappeared after the TFC reboot, but it is still running.


    OTL:


    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
    C:\Documents and Settings\Ryan\My Documents\Jmw173A.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw19CF.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw1BC2.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw1BE.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw205.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw2269.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw2D3.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\Jmw675.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\JmwC38.tmp folder deleted successfully.
    C:\Documents and Settings\Ryan\My Documents\JmwD9E6.tmp folder deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Mh3jm32txN moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anna

    User: Cheryl
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Lou

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 575588 bytes

    User: Ryan
    ->Temp folder emptied: 10176911 bytes
    ->Temporary Internet Files folder emptied: 107727 bytes
    ->Java cache emptied: 1970 bytes
    ->Apple Safari cache emptied: 4476928 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68096439 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 80.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anna

    User: Cheryl
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Lou

    User: NetworkService

    User: Ryan
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12172010_084911

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Checkup:


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    McAfee Agent
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.3
    Chinese Traditional Fonts Support For Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VirusScan Enterprise EngineServer.exe
    McAfee VirusScan Enterprise VsTskMgr.exe
    McAfee VirusScan Enterprise Mcshield.exe
    ``````````End of Log````````````
     
    Last edited: 2010/12/17
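    As an added check (this script is not part of the original thread and was not written by either poster), the following Windows PowerShell 2.0 script verifies that what the OTL fix log above reports as removed really is gone, and looks for anything related that the fix may have missed: the BHO CLSID {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} is checked in both registry locations the log names, every remaining BHO is listed with the DLL it loads, all profiles are searched for leftover Jmw*.tmp folders rather than only the one user's My Documents, the Internet Explorer proxy values are dumped (the fix rewrote ProxyOverride), and the Windows Firewall service state is checked. The CLSID and the Jmw*.tmp name pattern come from the log; the Documents and Settings profile layout, the SharedAccess service name for the XP firewall, and all function names are assumptions made for this example.

```powershell
# Added example, not from the thread: post-fix verification for the OTL log above.
# Written for Windows PowerShell 2.0 so it runs on Windows XP SP3.

# Identifiers taken from the OTL fix log.
$Clsid     = '{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}'
$BhoRoot   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$ClsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
# Assumption: default Windows XP profile layout.
$ProfileRoot = Join-Path $env:SystemDrive 'Documents and Settings'

function Test-BhoRemoved {
    # True only when neither the BHO registration nor its class key survives.
    $bhoKey   = "$BhoRoot\$Clsid"
    $classKey = "$ClsidRoot\$Clsid"
    return (-not (Test-Path -LiteralPath $bhoKey)) -and (-not (Test-Path -LiteralPath $classKey))
}

function Get-RemainingBho {
    # Lists every BHO still registered together with the DLL it loads, so an
    # unfamiliar entry, or one whose DLL no longer exists, stands out.
    Get-ChildItem -LiteralPath $BhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $id  = $_.PSChildName
        $dll = (Get-ItemProperty -LiteralPath "$ClsidRoot\$id\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        New-Object PSObject -Property @{
            Clsid     = $id
            Dll       = $dll
            DllExists = ($dll -ne $null) -and (Test-Path -LiteralPath $dll)
        }
    }
}

function Get-LeftoverTmpFolder {
    # The fix deleted Jmw*.tmp folders under one user's My Documents; check every
    # profile, since the dropper may also have run under another account.
    Get-ChildItem -LiteralPath $ProfileRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $docs = Join-Path $_.FullName 'My Documents'
            if (Test-Path -LiteralPath $docs) {
                Get-ChildItem -LiteralPath $docs -Filter 'Jmw*.tmp' -ErrorAction SilentlyContinue |
                    Where-Object { $_.PSIsContainer }
            }
        }
}

function Get-ProxySetting {
    # The fix rewrote ProxyOverride; a proxy silently set by malware shows up here.
    $ie = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnable   = $ie.ProxyEnable
        ProxyServer   = $ie.ProxyServer
        ProxyOverride = $ie.ProxyOverride
    }
}

function Test-FirewallService {
    # Assumption: on XP the Windows Firewall/ICS service is named 'SharedAccess'.
    $svc = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
    return ($svc -ne $null) -and ($svc.Status -eq 'Running')
}

Write-Output "BHO $Clsid removed: $(Test-BhoRemoved)"
Write-Output "Windows Firewall service running: $(Test-FirewallService)"
Write-Output 'Remaining BHOs:'
Get-RemainingBho | Format-Table Clsid, DllExists, Dll -AutoSize
Write-Output 'Leftover Jmw*.tmp folders:'
Get-LeftoverTmpFolder | ForEach-Object { $_.FullName }
Write-Output 'Proxy settings:'
Get-ProxySetting | Format-List
```

    Run it from an elevated PowerShell prompt after the reboot that follows the fix. The expected result on a clean machine is "removed: True", "running: True", no Jmw*.tmp folders, and a BHO list in which every DLL exists and belongs to software you recognise; a BHO whose DLL is missing or sits in a temp or profile folder is worth reporting back to the helper before declaring the machine clean.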
  15. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Internet Explorer to at least version 7. Version 6 is obsolete and thus dangerous.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On the download page (screenshot in the original post), make sure you have both boxes UN-checked AND (important!) click the Decline button.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during the cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. 2010/12/17
    Buddie

    Buddie Inactive Thread Starter

    Joined:
    2010/12/13
    Messages:
    10
    Likes Received:
    0
    Ran OTL. The log is posted below. Thank you for helping me. I really appreciate it.

    OTL log:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anna

    User: Cheryl
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Lou

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Ryan
    ->Temp folder emptied: 670 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 1657856 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68121059 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anna

    User: Cheryl
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Lou

    User: NetworkService

    User: Ryan
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 12172010_163953

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Whenever ready....
     
  18. 2010/12/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The issue seems to be resolved.
     
  19. 2010/12/23
    Buddie

    Buddie Inactive Thread Starter

    Joined:
    2010/12/13
    Messages:
    10
    Likes Received:
    0
    Yes, the issue is resolved. The computer is working very well now. Thank you.
     
  20. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good to (finally :)) know....

    Merry Christmas :)
     
