hadleycat

Hadleycat's Hijack this Log :) Thanks for looking


I was directed to start a new thread over here concerning my computer issues. Thanks

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:15:42 PM, on 12/30/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\java.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzYxNzMwMTU2LUZMMTArMS1YTzEwKzExLUxJQysyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=f5e0687ab8f947d1a09bd1686f011352-06ce4fc639803a2e3563922518183d8e94088cb9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284597873671

O20 - AppInit_DLLs: halres.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 6180 bytes

 

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.29.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: YOUR-97E01E8086 [administrator]

12/29/2011 9:05:50 AM

mbam-log-2011-12-29 (09-05-50).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |

Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228151

Time elapsed: 2 hour(s), 26 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.

  • Please subscribe to this topic, if you haven't already.

  • The fixes are specific to your problem and should only be used for the issues on this machine.

  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

  • It's often worth reading through these instructions and printing them for ease of reference.

  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

 

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

 

Stay with this topic until I give you the all clean post.

----------

 

 

Please download DDS from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
----------

 

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.

    Vista and Windows 7 users right click the icon and choose "Run as administrator".

  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

 

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe. :)


Thank You VERY much for your time. I really, really appreciate it.

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 19:03:31 on 2012-01-03

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.117 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8

mStart Page = hxxp://www.yahoo.com/?ilc=8

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzYxNzMwMTU2LUZMMTArMS1YTzEwKzExLUxJQysyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=f5e0687ab8f947d1a09bd1686f011352-06ce4fc639803a2e3563922518183d8e94088cb9

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284597873671

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

TCP: Interfaces\{AE03CBA9-B8BC-4ACB-A42A-C6E3D685D8B9} : DhcpNameServer = 209.55.5.10 209.55.5.11

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: halres.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 MpKsl6be03382;MpKsl6be03382;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b431dcd1-9111-4f6f-a836-52429e603b52}\mpksl6be03382.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b431dcd1-9111-4f6f-a836-52429e603b52}\MpKsl6be03382.sys [?]

R1 MpKslc6b3ed53;MpKslc6b3ed53;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{955b6672-dc6d-4d65-b59f-97b2b146b647}\MpKslc6b3ed53.sys [2012-1-3 29904]

R1 MpKslfbf17d03;MpKslfbf17d03;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b431dcd1-9111-4f6f-a836-52429e603b52}\mpkslfbf17d03.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b431dcd1-9111-4f6f-a836-52429e603b52}\MpKslfbf17d03.sys [?]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

S1 atazazvi;atazazvi;\??\c:\windows\system32\drivers\atazazvi.sys --> c:\windows\system32\drivers\atazazvi.sys [?]

S1 beuiwanw;beuiwanw;\??\c:\windows\system32\drivers\beuiwanw.sys --> c:\windows\system32\drivers\beuiwanw.sys [?]

S1 bozhsczl;bozhsczl;\??\c:\windows\system32\drivers\bozhsczl.sys --> c:\windows\system32\drivers\bozhsczl.sys [?]

S1 bwmubxqs;bwmubxqs;\??\c:\windows\system32\drivers\bwmubxqs.sys --> c:\windows\system32\drivers\bwmubxqs.sys [?]

S1 cerhqgfd;cerhqgfd;\??\c:\windows\system32\drivers\cerhqgfd.sys --> c:\windows\system32\drivers\cerhqgfd.sys [?]

S1 cfeztjyj;cfeztjyj;\??\c:\windows\system32\drivers\cfeztjyj.sys --> c:\windows\system32\drivers\cfeztjyj.sys [?]

S1 cgweoqxu;cgweoqxu;\??\c:\windows\system32\drivers\cgweoqxu.sys --> c:\windows\system32\drivers\cgweoqxu.sys [?]

S1 czaacyhy;czaacyhy;\??\c:\windows\system32\drivers\czaacyhy.sys --> c:\windows\system32\drivers\czaacyhy.sys [?]

S1 dbhrlpbn;dbhrlpbn;\??\c:\windows\system32\drivers\dbhrlpbn.sys --> c:\windows\system32\drivers\dbhrlpbn.sys [?]

S1 dfdikjza;dfdikjza;\??\c:\windows\system32\drivers\dfdikjza.sys --> c:\windows\system32\drivers\dfdikjza.sys [?]

S1 dflmbagz;dflmbagz;\??\c:\windows\system32\drivers\dflmbagz.sys --> c:\windows\system32\drivers\dflmbagz.sys [?]

S1 djrnsdvk;djrnsdvk;\??\c:\windows\system32\drivers\djrnsdvk.sys --> c:\windows\system32\drivers\djrnsdvk.sys [?]

S1 dlsobddj;dlsobddj;\??\c:\windows\system32\drivers\dlsobddj.sys --> c:\windows\system32\drivers\dlsobddj.sys [?]

S1 dyiejrpu;dyiejrpu;\??\c:\windows\system32\drivers\dyiejrpu.sys --> c:\windows\system32\drivers\dyiejrpu.sys [?]

S1 eovluipf;eovluipf;\??\c:\windows\system32\drivers\eovluipf.sys --> c:\windows\system32\drivers\eovluipf.sys [?]

S1 epbpdrdb;epbpdrdb;\??\c:\windows\system32\drivers\epbpdrdb.sys --> c:\windows\system32\drivers\epbpdrdb.sys [?]

S1 gqyyceww;gqyyceww;\??\c:\windows\system32\drivers\gqyyceww.sys --> c:\windows\system32\drivers\gqyyceww.sys [?]

S1 grlxaazh;grlxaazh;\??\c:\windows\system32\drivers\grlxaazh.sys --> c:\windows\system32\drivers\grlxaazh.sys [?]

S1 iiwrrlvq;iiwrrlvq;\??\c:\windows\system32\drivers\iiwrrlvq.sys --> c:\windows\system32\drivers\iiwrrlvq.sys [?]

S1 jhkomrnc;jhkomrnc;\??\c:\windows\system32\drivers\jhkomrnc.sys --> c:\windows\system32\drivers\jhkomrnc.sys [?]

S1 kueazaew;kueazaew;\??\c:\windows\system32\drivers\kueazaew.sys --> c:\windows\system32\drivers\kueazaew.sys [?]

S1 ldutfuif;ldutfuif;\??\c:\windows\system32\drivers\ldutfuif.sys --> c:\windows\system32\drivers\ldutfuif.sys [?]

S1 lhptwgkc;lhptwgkc;\??\c:\windows\system32\drivers\lhptwgkc.sys --> c:\windows\system32\drivers\lhptwgkc.sys [?]

S1 lkdiflmt;lkdiflmt;\??\c:\windows\system32\drivers\lkdiflmt.sys --> c:\windows\system32\drivers\lkdiflmt.sys [?]

S1 llldxwoj;llldxwoj;\??\c:\windows\system32\drivers\llldxwoj.sys --> c:\windows\system32\drivers\llldxwoj.sys [?]

S1 MpKsl041785b4;MpKsl041785b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05cab850-1a7b-4e3c-ae31-0c60bfe0ef30}\mpksl041785b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05cab850-1a7b-4e3c-ae31-0c60bfe0ef30}\MpKsl041785b4.sys [?]

S1 MpKsl04ace497;MpKsl04ace497;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f77433d-ecd4-4811-8cc4-bc8f16ac736f}\mpksl04ace497.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f77433d-ecd4-4811-8cc4-bc8f16ac736f}\MpKsl04ace497.sys [?]

S1 MpKsl059ec4a8;MpKsl059ec4a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aafc5781-f57e-4234-b283-5d3f2b556e90}\mpksl059ec4a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aafc5781-f57e-4234-b283-5d3f2b556e90}\MpKsl059ec4a8.sys [?]

S1 MpKsl0f3f07bb;MpKsl0f3f07bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e1f894-33c6-4985-a32f-bb3b6bbaa57b}\mpksl0f3f07bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e1f894-33c6-4985-a32f-bb3b6bbaa57b}\MpKsl0f3f07bb.sys [?]

S1 MpKsl0ffc53b4;MpKsl0ffc53b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3401703-c036-4817-8162-dd84115a7c03}\mpksl0ffc53b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3401703-c036-4817-8162-dd84115a7c03}\MpKsl0ffc53b4.sys [?]

S1 MpKsl14dc7263;MpKsl14dc7263;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0caade4f-6dac-4951-a650-b7760ebc5e4b}\mpksl14dc7263.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0caade4f-6dac-4951-a650-b7760ebc5e4b}\MpKsl14dc7263.sys [?]

S1 MpKsl1a132f66;MpKsl1a132f66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fcec918-cb82-41f7-82d2-1b06fb26a933}\mpksl1a132f66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fcec918-cb82-41f7-82d2-1b06fb26a933}\MpKsl1a132f66.sys [?]

S1 MpKsl1b64075b;MpKsl1b64075b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5af00cfd-3c9b-4e7b-8317-aba631dad3a1}\mpksl1b64075b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5af00cfd-3c9b-4e7b-8317-aba631dad3a1}\MpKsl1b64075b.sys [?]

S1 MpKsl21501628;MpKsl21501628;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9dd2295-d9f7-4184-98d1-fb1dd7745cbd}\mpksl21501628.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9dd2295-d9f7-4184-98d1-fb1dd7745cbd}\MpKsl21501628.sys [?]

S1 MpKsl3426e806;MpKsl3426e806;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{049f7735-8464-47d7-9b35-deee08fd987b}\mpksl3426e806.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{049f7735-8464-47d7-9b35-deee08fd987b}\MpKsl3426e806.sys [?]

S1 MpKsl40ba36d7;MpKsl40ba36d7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f77433d-ecd4-4811-8cc4-bc8f16ac736f}\mpksl40ba36d7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f77433d-ecd4-4811-8cc4-bc8f16ac736f}\MpKsl40ba36d7.sys [?]

S1 MpKsl42194ebe;MpKsl42194ebe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{114dc8b9-1f00-41cf-8dcb-d1903919f881}\mpksl42194ebe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{114dc8b9-1f00-41cf-8dcb-d1903919f881}\MpKsl42194ebe.sys [?]

S1 MpKsl46ad5bf5;MpKsl46ad5bf5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f7f4a1b3-384d-4433-8e89-46d0a673fadb}\mpksl46ad5bf5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f7f4a1b3-384d-4433-8e89-46d0a673fadb}\MpKsl46ad5bf5.sys [?]

S1 MpKsl47ad3348;MpKsl47ad3348;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4567c5b-8fbc-47b5-b28c-485ba1d4e43e}\mpksl47ad3348.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4567c5b-8fbc-47b5-b28c-485ba1d4e43e}\MpKsl47ad3348.sys [?]

S1 MpKsl4c40c17d;MpKsl4c40c17d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69bfce84-c29d-4eaa-84e0-ec59f44c0f7e}\mpksl4c40c17d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69bfce84-c29d-4eaa-84e0-ec59f44c0f7e}\MpKsl4c40c17d.sys [?]

S1 MpKsl508b2718;MpKsl508b2718;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47517185-d7b8-43c4-b442-1f191d45fcfa}\mpksl508b2718.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47517185-d7b8-43c4-b442-1f191d45fcfa}\MpKsl508b2718.sys [?]

S1 MpKsl5788ea9f;MpKsl5788ea9f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ba4a78c-eeae-45a9-995c-2cffcb4d911a}\mpksl5788ea9f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ba4a78c-eeae-45a9-995c-2cffcb4d911a}\MpKsl5788ea9f.sys [?]

S1 MpKsl5d1d0e2a;MpKsl5d1d0e2a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e70258d5-564d-485a-bc8c-27c18b09bcb7}\mpksl5d1d0e2a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e70258d5-564d-485a-bc8c-27c18b09bcb7}\MpKsl5d1d0e2a.sys [?]

S1 MpKsl68017f38;MpKsl68017f38;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1a1a27b1-5c41-488f-928a-2077e90de80c}\mpksl68017f38.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1a1a27b1-5c41-488f-928a-2077e90de80c}\MpKsl68017f38.sys [?]

S1 MpKsl6955d0d1;MpKsl6955d0d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{118c703c-d0fc-4975-9d42-7b1712f17395}\mpksl6955d0d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{118c703c-d0fc-4975-9d42-7b1712f17395}\MpKsl6955d0d1.sys [?]

S1 MpKsl70127f5f;MpKsl70127f5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aad30d41-3562-49a4-bb90-0c535b871506}\mpksl70127f5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aad30d41-3562-49a4-bb90-0c535b871506}\MpKsl70127f5f.sys [?]

S1 MpKsl78af9377;MpKsl78af9377;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{993a047f-896e-4519-8219-cf46a43ad966}\mpksl78af9377.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{993a047f-896e-4519-8219-cf46a43ad966}\MpKsl78af9377.sys [?]

S1 MpKsl792635ce;MpKsl792635ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aafc5781-f57e-4234-b283-5d3f2b556e90}\mpksl792635ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aafc5781-f57e-4234-b283-5d3f2b556e90}\MpKsl792635ce.sys [?]

S1 MpKsl818eb5cd;MpKsl818eb5cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79a5785f-d06a-4cae-8f9e-bdf00e311aee}\mpksl818eb5cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79a5785f-d06a-4cae-8f9e-bdf00e311aee}\MpKsl818eb5cd.sys [?]

S1 MpKsl8af57843;MpKsl8af57843;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b4e96a8-50bb-4527-a976-c724e2130812}\mpksl8af57843.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b4e96a8-50bb-4527-a976-c724e2130812}\MpKsl8af57843.sys [?]

S1 MpKsl9e543ae1;MpKsl9e543ae1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8bf20083-4848-48c5-bee0-c8a4fc0fa253}\mpksl9e543ae1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8bf20083-4848-48c5-bee0-c8a4fc0fa253}\MpKsl9e543ae1.sys [?]

S1 MpKsla196fd05;MpKsla196fd05;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4d29ee-71d6-4322-81a4-4b05e70fd07e}\mpksla196fd05.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4d29ee-71d6-4322-81a4-4b05e70fd07e}\MpKsla196fd05.sys [?]

S1 MpKsla6cddc86;MpKsla6cddc86;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb2833a-3265-4258-9d2b-6e23452cc05a}\mpksla6cddc86.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb2833a-3265-4258-9d2b-6e23452cc05a}\MpKsla6cddc86.sys [?]

S1 MpKslac06dc1a;MpKslac06dc1a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7981e9a2-c74b-48a7-8731-529b3098eb70}\mpkslac06dc1a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7981e9a2-c74b-48a7-8731-529b3098eb70}\MpKslac06dc1a.sys [?]

S1 MpKslad78c156;MpKslad78c156;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eefe04d5-7dfa-4623-9a45-2ee8b84306a3}\mpkslad78c156.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eefe04d5-7dfa-4623-9a45-2ee8b84306a3}\MpKslad78c156.sys [?]

S1 MpKslba1f3005;MpKslba1f3005;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{326310b3-6d31-4373-a3ce-50f5ac51a77b}\mpkslba1f3005.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{326310b3-6d31-4373-a3ce-50f5ac51a77b}\MpKslba1f3005.sys [?]

S1 MpKslbb1aa00d;MpKslbb1aa00d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05cab850-1a7b-4e3c-ae31-0c60bfe0ef30}\mpkslbb1aa00d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05cab850-1a7b-4e3c-ae31-0c60bfe0ef30}\MpKslbb1aa00d.sys [?]

S1 MpKslbbb7477e;MpKslbbb7477e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e084e324-b3f6-4cb4-97a0-1260521363a2}\mpkslbbb7477e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e084e324-b3f6-4cb4-97a0-1260521363a2}\MpKslbbb7477e.sys [?]

S1 MpKslbe2942c8;MpKslbe2942c8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c00602da-c65f-41d9-b2c6-595fbba384ec}\mpkslbe2942c8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c00602da-c65f-41d9-b2c6-595fbba384ec}\MpKslbe2942c8.sys [?]

S1 MpKslc346ca72;MpKslc346ca72;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{300746c3-0c61-4ef3-a2e6-e3fd00fcfd96}\mpkslc346ca72.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{300746c3-0c61-4ef3-a2e6-e3fd00fcfd96}\MpKslc346ca72.sys [?]

S1 MpKslc7e435c0;MpKslc7e435c0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{993a047f-896e-4519-8219-cf46a43ad966}\mpkslc7e435c0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{993a047f-896e-4519-8219-cf46a43ad966}\MpKslc7e435c0.sys [?]

S1 MpKslca02702e;MpKslca02702e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06ee09f7-3601-4f34-8bec-29bfc1460335}\mpkslca02702e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06ee09f7-3601-4f34-8bec-29bfc1460335}\MpKslca02702e.sys [?]

S1 MpKslce228fc3;MpKslce228fc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1c46a61-9822-4385-a442-d21f1c0caf01}\mpkslce228fc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1c46a61-9822-4385-a442-d21f1c0caf01}\MpKslce228fc3.sys [?]

S1 MpKsle09f4daf;MpKsle09f4daf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933c57ed-8a63-4d1d-a705-fe9b6108143e}\mpksle09f4daf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933c57ed-8a63-4d1d-a705-fe9b6108143e}\MpKsle09f4daf.sys [?]

S1 MpKsle63cd9bc;MpKsle63cd9bc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{008b3206-7d59-49b8-ae05-0a6695b688aa}\mpksle63cd9bc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{008b3206-7d59-49b8-ae05-0a6695b688aa}\MpKsle63cd9bc.sys [?]

S1 MpKsle9ff5327;MpKsle9ff5327;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69f7358a-dd05-4eba-a5f8-4f1922e74031}\mpksle9ff5327.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69f7358a-dd05-4eba-a5f8-4f1922e74031}\MpKsle9ff5327.sys [?]

S1 MpKslec6256e7;MpKslec6256e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9dd2295-d9f7-4184-98d1-fb1dd7745cbd}\mpkslec6256e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9dd2295-d9f7-4184-98d1-fb1dd7745cbd}\MpKslec6256e7.sys [?]

S1 MpKslf0b7504d;MpKslf0b7504d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a454a123-d4e9-4ef0-8335-539fc4209f36}\mpkslf0b7504d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a454a123-d4e9-4ef0-8335-539fc4209f36}\MpKslf0b7504d.sys [?]

S1 MpKslf0e1dc77;MpKslf0e1dc77;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb2833a-3265-4258-9d2b-6e23452cc05a}\mpkslf0e1dc77.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb2833a-3265-4258-9d2b-6e23452cc05a}\MpKslf0e1dc77.sys [?]

S1 MpKslfba14a47;MpKslfba14a47;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8b47794-3c7e-4a23-a54f-1310f6bb13fb}\mpkslfba14a47.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8b47794-3c7e-4a23-a54f-1310f6bb13fb}\MpKslfba14a47.sys [?]

S1 mypyslaw;mypyslaw;\??\c:\windows\system32\drivers\mypyslaw.sys --> c:\windows\system32\drivers\mypyslaw.sys [?]

S1 qqnrwxmj;qqnrwxmj;\??\c:\windows\system32\drivers\qqnrwxmj.sys --> c:\windows\system32\drivers\qqnrwxmj.sys [?]

S1 rtwoadno;rtwoadno;\??\c:\windows\system32\drivers\rtwoadno.sys --> c:\windows\system32\drivers\rtwoadno.sys [?]

.

=============== Created Last 30 ================

.

2012-01-03 22:59:29 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{955b6672-dc6d-4d65-b59f-97b2b146b647}\MpKslc6b3ed53.sys

2012-01-03 22:57:15 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{955b6672-dc6d-4d65-b59f-97b2b146b647}\offreg.dll

2012-01-03 22:57:07 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{955b6672-dc6d-4d65-b59f-97b2b146b647}\mpengine.dll

2011-12-28 01:53:06 -------- d-----w- c:\program files\ZOOM

2011-12-14 22:07:27 458752 ----a-w- c:\windows\system32\aclperf.dll

2011-12-14 20:18:13 458752 ----a-w- c:\windows\system32\bootdlg.dll

2011-12-14 19:18:33 458752 ----a-w- c:\windows\system32\iasmgr10.dll

2011-12-14 03:32:36 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-14 03:32:36 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-14 03:32:07 -------- d-----w- c:\program files\Microsoft Security Essentials

2011-12-14 03:31:50 -------- d-----w- c:\program files\Ask.com

2011-12-14 03:31:50 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar

2011-12-12 20:24:32 0 ----a-w- c:\documents and settings\owner\application data\ixu116.tmp

2011-12-12 18:24:38 0 ----a-w- c:\documents and settings\owner\application data\ixu113.tmp

2011-12-12 17:24:32 0 ----a-w- c:\documents and settings\owner\application data\ixu111.tmp

2011-12-12 15:50:58 0 ----a-w- c:\documents and settings\owner\application data\ixu10F.tmp

2011-12-12 14:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixu10C.tmp

2011-12-12 13:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixu10A.tmp

2011-12-12 11:19:18 0 ----a-w- c:\documents and settings\owner\application data\ixu108.tmp

2011-12-12 10:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixu106.tmp

2011-12-12 09:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixu104.tmp

2011-12-12 08:27:30 41680 ----a-w- c:\windows\system32\drivers\ojolmhjl.sys

2011-12-12 08:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixu102.tmp

2011-12-12 07:27:30 41680 ----a-w- c:\windows\system32\drivers\stirordi.sys

2011-12-12 07:17:22 0 ----a-w- c:\documents and settings\owner\application data\ixu100.tmp

2011-12-12 06:28:01 41680 ----a-w- c:\windows\system32\drivers\wlmmrjaj.sys

2011-12-12 06:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuFE.tmp

2011-12-12 05:27:30 41680 ----a-w- c:\windows\system32\drivers\fgvakngk.sys

2011-12-12 05:17:22 0 ----a-w- c:\documents and settings\owner\application data\ixuFC.tmp

2011-12-12 04:28:00 41680 ----a-w- c:\windows\system32\drivers\fqkxtuxf.sys

2011-12-12 04:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuFA.tmp

2011-12-12 03:27:30 41680 ----a-w- c:\windows\system32\drivers\tofhvchu.sys

2011-12-12 03:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuF8.tmp

2011-12-12 02:27:30 41680 ----a-w- c:\windows\system32\drivers\ugmhropw.sys

2011-12-12 02:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuF6.tmp

2011-12-12 01:28:20 41680 ----a-w- c:\windows\system32\drivers\rqiwbvja.sys

2011-12-12 01:17:24 0 ----a-w- c:\documents and settings\owner\application data\ixuF4.tmp

2011-12-11 23:19:42 41680 ----a-w- c:\windows\system32\drivers\adicnusb.sys

2011-12-11 23:18:27 -------- d-----r- c:\documents and settings\owner\application data\Brother

2011-12-11 23:17:59 0 ----a-w- c:\documents and settings\owner\application data\ixuEE.tmp

2011-12-11 22:28:00 41680 ----a-w- c:\windows\system32\drivers\wjlusrep.sys

2011-12-11 22:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuEB.tmp

2011-12-11 21:27:30 41680 ----a-w- c:\windows\system32\drivers\wwnmmgue.sys

2011-12-11 21:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuE9.tmp

2011-12-11 20:28:00 41680 ----a-w- c:\windows\system32\drivers\tupbvijw.sys

2011-12-11 20:17:23 0 ----a-w- c:\documents and settings\owner\application data\ixuE7.tmp

2011-12-11 18:40:36 41680 ----a-w- c:\windows\system32\drivers\gnamnqbd.sys

2011-12-11 18:30:29 0 ----a-w- c:\documents and settings\owner\application data\ixuE3.tmp

2011-12-11 17:41:07 41680 ----a-w- c:\windows\system32\drivers\rjgmntsf.sys

2011-12-11 17:30:29 0 ----a-w- c:\documents and settings\owner\application data\ixuE1.tmp

2011-12-11 15:41:31 41680 ----a-w- c:\windows\system32\drivers\tgbtrpnq.sys

2011-12-11 15:30:53 0 ----a-w- c:\documents and settings\owner\application data\ixuDF.tmp

2011-12-11 14:48:19 41680 ----a-w- c:\windows\system32\drivers\hlcsgkmm.sys

2011-12-11 14:30:25 0 ----a-w- c:\documents and settings\owner\application data\ixuDA.tmp

2011-12-11 12:37:01 0 ----a-w- c:\documents and settings\owner\application data\ixuF7.tmp

2011-12-11 11:37:00 0 ----a-w- c:\documents and settings\owner\application data\ixuF5.tmp

2011-12-11 10:37:01 0 ----a-w- c:\documents and settings\owner\application data\ixuF3.tmp

2011-12-11 09:37:00 0 ----a-w- c:\documents and settings\owner\application data\ixuF1.tmp

2011-12-11 08:37:02 0 ----a-w- c:\documents and settings\owner\application data\ixuEF.tmp

2011-12-11 06:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuEC.tmp

2011-12-11 05:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuEA.tmp

2011-12-11 04:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuE8.tmp

2011-12-11 03:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuE6.tmp

2011-12-11 01:45:05 0 ----a-w- c:\documents and settings\owner\application data\ixuE4.tmp

2011-12-11 00:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuE2.tmp

2011-12-10 22:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuE0.tmp

2011-12-10 21:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuDE.tmp

2011-12-10 20:45:04 0 ----a-w- c:\documents and settings\owner\application data\ixuDC.tmp

2011-12-10 18:45:36 0 ----a-w- c:\documents and settings\owner\application data\ixuD8.tmp

2011-12-10 17:45:02 0 ----a-w- c:\documents and settings\owner\application data\ixu2C.tmp

2011-12-10 01:44:39 0 ----a-w- c:\documents and settings\owner\application data\ixuA5.tmp

2011-12-09 23:44:04 0 ----a-w- c:\documents and settings\owner\application data\ixu37.tmp

2011-12-09 02:00:06 0 ----a-w- c:\documents and settings\owner\application data\ixu91.tmp

2011-12-09 01:00:06 0 ----a-w- c:\documents and settings\owner\application data\ixu6B.tmp

2011-12-08 23:00:18 0 ----a-w- c:\documents and settings\owner\application data\ixu61.tmp

2011-12-08 21:00:29 0 ----a-w- c:\documents and settings\owner\application data\ixu3B.tmp

2011-12-08 20:00:06 0 ----a-w- c:\documents and settings\owner\application data\ixu35.tmp

2011-12-08 19:00:06 0 ----a-w- c:\documents and settings\owner\application data\ixu33.tmp

2011-12-08 17:00:11 0 ----a-w- c:\documents and settings\owner\application data\ixu3.tmp

2011-12-08 15:34:26 0 ----a-w- c:\documents and settings\owner\application data\ixuD7.tmp

2011-12-08 14:34:49 0 ----a-w- c:\documents and settings\owner\application data\ixuD3.tmp

2011-12-08 13:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixuCE.tmp

2011-12-08 12:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixuC9.tmp

2011-12-08 11:34:25 0 ----a-w- c:\documents and settings\owner\application data\ixuC7.tmp

2011-12-08 09:34:30 0 ----a-w- c:\documents and settings\owner\application data\ixuC3.tmp

2011-12-08 08:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu69.tmp

2011-12-08 07:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu65.tmp

2011-12-08 06:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu63.tmp

2011-12-08 05:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu60.tmp

2011-12-08 04:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu5C.tmp

2011-12-08 03:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu4D.tmp

2011-12-08 02:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu49.tmp

2011-12-08 00:34:25 0 ----a-w- c:\documents and settings\owner\application data\ixu47.tmp

2011-12-07 23:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu45.tmp

2011-12-07 21:34:26 0 ----a-w- c:\documents and settings\owner\application data\ixu41.tmp

2011-12-07 20:34:24 0 ----a-w- c:\documents and settings\owner\application data\ixu3F.tmp

2011-12-07 19:34:48 0 ----a-w- c:\documents and settings\owner\application data\ixu39.tmp

2011-12-07 17:34:26 0 ----a-w- c:\documents and settings\owner\application data\ixu30.tmp

2011-12-07 16:11:22 0 ----a-w- c:\documents and settings\owner\application data\ixuA3.tmp

2011-12-07 14:08:49 0 ----a-w- c:\documents and settings\owner\application data\ixu8A.tmp

2011-12-07 03:08:18 -------- d-----w- C:\192e496d20ae25892cce

2011-12-07 01:33:44 0 ----a-w- c:\documents and settings\owner\application data\ixu2B.tmp

2011-12-07 00:19:49 0 ----a-w- c:\documents and settings\owner\application data\ixu5.tmp

2011-12-06 18:41:17 0 ----a-w- c:\documents and settings\owner\application data\ixuC1.tmp

2011-12-06 17:41:01 0 ----a-w- c:\documents and settings\owner\application data\ixuAD.tmp

2011-12-06 16:41:07 0 ----a-w- c:\documents and settings\owner\application data\ixuAB.tmp

2011-12-06 15:40:40 0 ----a-w- c:\documents and settings\owner\application data\ixuA9.tmp

2011-12-06 14:20:12 0 ----a-w- c:\documents and settings\owner\application data\ixuA7.tmp

2011-12-06 13:20:19 0 ----a-w- c:\documents and settings\owner\application data\ixuA1.tmp

2011-12-06 12:20:13 0 ----a-w- c:\documents and settings\owner\application data\ixu9C.tmp

2011-12-06 11:20:10 0 ----a-w- c:\documents and settings\owner\application data\ixu5E.tmp

2011-12-06 10:20:12 0 ----a-w- c:\documents and settings\owner\application data\ixu5B.tmp

2011-12-06 09:20:10 0 ----a-w- c:\documents and settings\owner\application data\ixu59.tmp

2011-12-06 08:20:11 0 ----a-w- c:\documents and settings\owner\application data\ixu55.tmp

2011-12-06 06:11:47 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-06 00:53:54 0 ----a-w- c:\documents and settings\owner\application data\ixuC0.tmp

2011-12-06 00:50:10 -------- d-----w- c:\program files\Apple Software Update(2)

2011-12-06 00:28:15 -------- d-----w- c:\documents and settings\owner\application data\Participatory Culture Foundation

2011-12-06 00:21:59 -------- d-----w- c:\program files\Participatory Culture Foundation

2011-12-05 23:53:42 0 ----a-w- c:\documents and settings\owner\application data\ixu79.tmp

2011-12-05 03:04:02 0 ----a-w- c:\documents and settings\owner\application data\ixuC8.tmp

.

==================== Find3M ====================

.

2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-05 01:04:02 0 ----a-w- c:\documents and settings\owner\application data\ixuC6.tmp

2011-12-04 23:04:02 0 ----a-w- c:\documents and settings\owner\application data\ixuC4.tmp

2011-12-04 21:04:03 0 ----a-w- c:\documents and settings\owner\application data\ixuC2.tmp

2011-12-04 19:04:22 0 ----a-w- c:\documents and settings\owner\application data\ixuBF.tmp

2011-12-04 18:04:05 0 ----a-w- c:\documents and settings\owner\application data\ixuAF.tmp

2011-12-04 17:04:00 0 ----a-w- c:\documents and settings\owner\application data\ixu72.tmp

2011-12-04 10:00:59 457728 ----a-w- c:\windows\system32\w32queue.dll

2011-12-04 10:00:59 457728 ----a-w- c:\windows\system32\syncpack32.dll

2011-12-03 23:27:29 0 ----a-w- c:\documents and settings\owner\application data\ixuF2.tmp

2011-12-03 22:24:57 0 ----a-w- c:\documents and settings\owner\application data\ixuF0.tmp

2011-12-03 20:24:53 0 ----a-w- c:\documents and settings\owner\application data\ixuED.tmp

2011-12-03 18:24:53 0 ----a-w- c:\documents and settings\owner\application data\ixuD5.tmp

2011-12-03 16:24:54 0 ----a-w- c:\documents and settings\owner\application data\ixuD2.tmp

2011-12-03 14:24:54 0 ----a-w- c:\documents and settings\owner\application data\ixuD0.tmp

2011-12-03 12:24:54 0 ----a-w- c:\documents and settings\owner\application data\ixuCC.tmp

2011-12-03 10:32:09 0 ----a-w- c:\documents and settings\owner\application data\ixuCA.tmp

2011-12-03 08:31:49 0 ----a-w- c:\documents and settings\owner\application data\ixuC5.tmp

2011-12-03 07:31:45 0 ----a-w- c:\documents and settings\owner\application data\ixuBE.tmp

2011-12-03 07:29:25 459264 ----a-w- c:\windows\system32\cryptres.dll

2011-12-03 06:31:45 0 ----a-w- c:\documents and settings\owner\application data\ixuBC.tmp

2011-12-03 05:31:45 0 ----a-w- c:\documents and settings\owner\application data\ixuBA.tmp

2011-12-03 04:31:44 0 ----a-w- c:\documents and settings\owner\application data\ixuB8.tmp

2011-12-03 03:31:44 0 ----a-w- c:\documents and settings\owner\application data\ixuB6.tmp

2011-12-03 02:31:44 0 ----a-w- c:\documents and settings\owner\application data\ixuB0.tmp

2011-12-03 00:42:39 0 ----a-w- c:\documents and settings\owner\application data\ixuAE.tmp

2011-12-02 23:42:40 0 ----a-w- c:\documents and settings\owner\application data\ixuAC.tmp

2011-12-02 22:42:39 0 ----a-w- c:\documents and settings\owner\application data\ixuAA.tmp

2011-12-02 21:42:37 0 ----a-w- c:\documents and settings\owner\application data\ixuA8.tmp

2011-12-02 20:42:38 0 ----a-w- c:\documents and settings\owner\application data\ixuA6.tmp

2011-12-02 19:42:38 0 ----a-w- c:\documents and settings\owner\application data\ixuA2.tmp

2011-12-02 18:42:38 0 ----a-w- c:\documents and settings\owner\application data\ixu7E.tmp

2011-12-02 18:19:40 457728 ----a-w- c:\windows\system32\halres.dll

2011-12-02 18:19:40 457728 ----a-w- c:\windows\system32\authres.dll

2011-12-02 17:42:36 0 ----a-w- c:\documents and settings\owner\application data\ixu77.tmp

2011-12-02 16:22:22 0 ----a-w- c:\documents and settings\owner\application data\ixu74.tmp

2011-12-02 15:21:45 0 ----a-w- c:\documents and settings\owner\application data\ixu71.tmp

2011-12-02 13:37:04 0 ----a-w- c:\documents and settings\owner\application data\ixu6F.tmp

2011-12-02 13:24:23 459264 ----a-w- c:\windows\system32\bcdapi.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-22 00:47:30 0 ----a-w- c:\documents and settings\owner\application data\ixuB4.tmp

2011-11-21 23:47:21 0 ----a-w- c:\documents and settings\owner\application data\ixuA4.tmp

2011-11-21 22:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixuA0.tmp

2011-11-21 20:47:21 0 ----a-w- c:\documents and settings\owner\application data\ixu9E.tmp

2011-11-21 18:47:25 0 ----a-w- c:\documents and settings\owner\application data\ixu9A.tmp

2011-11-21 16:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu98.tmp

2011-11-21 14:47:46 0 ----a-w- c:\documents and settings\owner\application data\ixu96.tmp

2011-11-21 12:48:01 0 ----a-w- c:\documents and settings\owner\application data\ixu94.tmp

2011-11-21 11:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu92.tmp

2011-11-21 09:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu90.tmp

2011-11-21 08:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu8E.tmp

2011-11-21 07:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu8C.tmp

2011-11-21 06:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu89.tmp

2011-11-21 05:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu87.tmp

2011-11-21 03:47:23 0 ----a-w- c:\documents and settings\owner\application data\ixu84.tmp

2011-11-21 01:47:22 0 ----a-w- c:\documents and settings\owner\application data\ixu7C.tmp

2011-11-21 00:47:21 0 ----a-w- c:\documents and settings\owner\application data\ixu7A.tmp

2011-11-20 23:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu78.tmp

2011-11-20 22:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu76.tmp

2011-11-20 20:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu73.tmp

2011-11-20 19:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu70.tmp

2011-11-20 18:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu6E.tmp

2011-11-20 16:47:59 0 ----a-w- c:\documents and settings\owner\application data\ixu6C.tmp

2011-11-20 14:47:24 0 ----a-w- c:\documents and settings\owner\application data\ixu6A.tmp

2011-11-20 13:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu68.tmp

2011-11-20 11:47:20 0 ----a-w- c:\documents and settings\owner\application data\ixu66.tmp

2011-11-20 09:47:22 0 ----a-w- c:\documents and settings\owner\application data\ixu64.tmp

2011-11-20 07:48:52 0 ----a-w- c:\documents and settings\owner\application data\ixu62.tmp

2011-11-20 06:47:22 0 ----a-w- c:\documents and settings\owner\application data\ixu5F.tmp

2011-11-20 04:47:46 0 ----a-w- c:\documents and settings\owner\application data\ixu5D.tmp

2011-11-20 02:47:44 0 ----a-w- c:\documents and settings\owner\application data\ixu43.tmp

2011-11-20 01:47:15 0 ----a-w- c:\documents and settings\owner\application data\ixu2A.tmp

2011-11-20 00:28:02 0 ----a-w- c:\documents and settings\owner\application data\ixu57.tmp

2011-11-19 22:32:26 0 ----a-w- c:\documents and settings\owner\application data\ixu53.tmp

2011-11-19 21:27:54 0 ----a-w- c:\documents and settings\owner\application data\ixu51.tmp

2011-11-19 20:26:10 0 ----a-w- c:\documents and settings\owner\application data\ixu4F.tmp

2011-11-19 18:25:58 0 ----a-w- c:\documents and settings\owner\application data\ixu4B.tmp

2011-11-19 17:24:18 0 ----a-w- c:\documents and settings\owner\application data\ixu48.tmp

2011-11-19 15:24:04 0 ----a-w- c:\documents and settings\owner\application data\ixu46.tmp

2011-11-19 13:24:00 0 ----a-w- c:\documents and settings\owner\application data\ixu44.tmp

2011-11-19 12:01:29 0 ----a-w- c:\documents and settings\owner\application data\ixu42.tmp

2011-11-19 11:01:25 0 ----a-w- c:\documents and settings\owner\application data\ixu40.tmp

2011-11-19 10:01:21 0 ----a-w- c:\documents and settings\owner\application data\ixu3E.tmp

2011-11-19 09:01:28 0 ----a-w- c:\documents and settings\owner\application data\ixu3C.tmp

2011-11-19 08:01:30 0 ----a-w- c:\documents and settings\owner\application data\ixu3A.tmp

2011-11-19 07:01:32 0 ----a-w- c:\documents and settings\owner\application data\ixu38.tmp

2011-11-19 06:01:36 0 ----a-w- c:\documents and settings\owner\application data\ixu36.tmp

2011-11-19 05:01:31 0 ----a-w- c:\documents and settings\owner\application data\ixu34.tmp

2011-11-19 04:01:39 0 ----a-w- c:\documents and settings\owner\application data\ixu32.tmp

2011-11-19 03:01:17 0 ----a-w- c:\documents and settings\owner\application data\ixu2F.tmp

2011-11-19 01:01:17 0 ----a-w- c:\documents and settings\owner\application data\ixu2D.tmp

2011-11-18 23:01:19 0 ----a-w- c:\documents and settings\owner\application data\ixu29.tmp

2011-11-18 03:08:20 0 ----a-w- c:\documents and settings\owner\application data\ixuB2.tmp

2011-11-18 02:06:44 0 ----a-w- c:\documents and settings\owner\application data\ixu8F.tmp

2011-11-18 01:05:54 0 ----a-w- c:\documents and settings\owner\application data\ixu8D.tmp

2011-11-17 23:09:27 0 ----a-w- c:\documents and settings\owner\application data\ixu8B.tmp

2011-11-17 21:14:53 0 ----a-w- c:\documents and settings\owner\application data\ixu88.tmp

2011-11-17 19:19:07 0 ----a-w- c:\documents and settings\owner\application data\ixu85.tmp

2011-11-17 18:14:50 0 ----a-w- c:\documents and settings\owner\application data\ixu83.tmp

2011-11-17 17:14:26 0 ----a-w- c:\documents and settings\owner\application data\ixu81.tmp

.

============= FINISH: 19:05:37.01 ===============

 

 

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-03 19:09:11

-----------------------------

19:09:11.466 OS Version: Windows 5.1.2600 Service Pack 3

19:09:11.466 Number of processors: 1 586 0xC00

19:09:11.466 ComputerName: YOUR-97E01E8086 UserName: Owner

19:09:12.247 Initialize success

19:09:28.106 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

 

19:09:39.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16

19:09:39.934 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3

19:09:39.950 Disk 0 MBR read successfully

19:09:39.950 Disk 0 MBR scan

19:09:39.950 Disk 0 unknown MBR code

19:09:39.966 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 72935 MB offset 6924015

19:09:39.966 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3380 MB offset 63

19:09:39.966 Disk 0 scanning sectors +156296385

19:09:40.059 Disk 0 scanning C:\WINDOWS\system32\drivers

19:09:59.122 Service scanning

19:09:59.840 Service MpKslc6b3ed53 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{955B6672-DC6D-4D65-B59F-97B2B146B647}\MpKslc6b3ed53.sys **LOCKED** 32

19:10:00.543 Modules scanning

19:10:28.699 Disk 0 trace - called modules:

19:10:29.199 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

19:10:29.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83367030]

19:10:29.215 3 CLASSPNP.SYS[f75fcfd7] -> nt!IofCallDriver -> \Device\000000ae[0x83353e78]

19:10:29.215 5 ACPI.sys[f7413620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x83354a88]

19:10:29.215 Scan finished successfully

19:10:34.027 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

19:10:34.027 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

19:10:56.777 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

19:10:56.777 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

attach.txt


Hi hadleycat,

 

 

Please download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
  • Please post the contents of that file.


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000103fc

Kernel Drivers (total 177):

0x804D7000 WINDOWSsystem32ntkrnlpa.exe

0x806D1000 WINDOWSsystem32hal.dll

0xF7A3C000 WINDOWSsystem32KDCOM.DLL

0xF794C000 WINDOWSsystem32BOOTVID.dll

0xF740D000 ACPI.sys

0xF7A3E000 WINDOWSsystem32DRIVERSWMILIB.SYS

0xF73FC000 pci.sys

0xF753C000 isapnp.sys

0xF7B04000 pciide.sys

0xF77BC000 WINDOWSsystem32DRIVERSPCIIDEX.SYS

0xF7A40000 aliide.sys

0xF7A42000 cmdide.sys

0xF7A44000 toside.sys

0xF7A46000 viaide.sys

0xF7A48000 intelide.sys

0xF754C000 MountMgr.sys

0xF73DD000 ftdisk.sys

0xF77C4000 PartMgr.sys

0xF755C000 VolSnap.sys

0xF7950000 cpqarray.sys

0xF73C5000 WINDOWSsystem32DRIVERSSCSIPORT.SYS

Processes (total 39):

0 System Idle Process

4 System

548 C:WINDOWSsystem32smss.exe

776 csrss.exe

804 C:WINDOWSsystem32winlogon.exe

864 C:WINDOWSsystem32services.exe

876 C:WINDOWSsystem32lsass.exe

1072 C:WINDOWSsystem32ati2evxx.exe

1100 C:WINDOWSsystem32svchost.exe

1160 svchost.exe

1300 C:Program FilesMicrosoft Security EssentialsMsMpEng.exe

1340 C:WINDOWSsystem32svchost.exe

1372 C:WINDOWSsystem32svchost.exe

1452 svchost.exe

1576 svchost.exe

1972 C:WINDOWSsystem32ati2evxx.exe

196 C:WINDOWSsystem32brss01a.exe

204 C:WINDOWSsystem32spoolsv.exe

460 svchost.exe

1232 C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

296 C:Program FilesBonjourmDNSResponder.exe

392 C:WINDOWSsystem32Brmfrmps.exe

900 C:Program FilesJavajre6binjqs.exe

908 C:WINDOWSexplorer.exe

1284 C:Program FilesLinksysLinksys UpdaterbinLinksysUpdater.exe

1520 C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS

604 C:Program FilesMicrosoft Application Virtualization Clientsftvsa.exe

624 C:WINDOWSsystem32svchost.exe

616 C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

768 C:Program FilesMicrosoft Application Virtualization Clientsftlist.exe

2180 C:WINDOWSsystem32searchindexer.exe

2472 C:WINDOWSsystem32wscntfy.exe

2568 C:WINDOWSsystem32java.exe

3060 C:Program FilesCommon FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE

3564 C:WINDOWSsystem32ctfmon.exe

3684 alg.exe

1572 C:Program FilesInternet Exploreriexplore.exe

2052 C:Program FilesInternet Exploreriexplore.exe

2744 C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE5W6XZ1G4JMBRCheck[1].exe

.C: --> .PhysicalDrive0 at offset 0x00000000`d34dde00 (NTFS)

.D: --> .PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

.Q: --> error 5

PhysicalDrive0 Model Number: ST380011A, Rev: 8.01

Size Device Name MBR Status

--------------------------------------------

74 GB .PhysicalDrive0 Gateway MBR code detected

SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD

 

Done!

Man! I wish I understood this stuff. lol....Thanks again.


Hi,

 

Man! I wish I understood this stuff. lol....Thanks again.

I wish I did too. LOL!! I'm just kidding. :D

----------

 

 

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

----------


ComboFix 12-01-03.07 - Owner 01/03/2012 20:30:44.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.120 [GMT -6:00]

Running from: c:documents and settingsOwnerDesktopComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:documents and settingsDefault UserWINDOWS

c:documents and settingsOwnerWINDOWS

c:windowsalcrmv.exe

c:windowssystem32commres.dll

c:windowssystem32configsystemprofileWINDOWS

D:AUTORUN.INF

.

Infected copy of c:windowssystem32Driversatapi.sys was found and disinfected

Restored copy from - c:windowsServicePackFilesi386atapi.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))

.

.

2012-01-04 02:49 . 2012-01-04 02:49 29904 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}MpKsl1f3a6a2c.sys

2012-01-04 02:47 . 2012-01-04 02:47 56200 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}offreg.dll

2012-01-03 22:57 . 2011-11-21 10:47 6823496 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}mpengine.dll

2011-12-28 01:53 . 2011-12-28 01:53 -------- d-----w- c:program filesZOOM

2011-12-14 22:07 . 2011-12-14 22:07 458752 ----a-w- c:windowssystem32aclperf.dll

2011-12-14 20:18 . 2011-12-14 20:18 458752 ----a-w- c:windowssystem32bootdlg.dll

2011-12-14 19:18 . 2011-12-14 19:18 458752 ----a-w- c:windowssystem32iasmgr10.dll

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:windowssystem32wbemRepository

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:program filesMicrosoft Security Essentials

2011-12-14 03:31 . 2011-12-14 03:31 -------- d-----w- c:program filesAsk.com

2011-12-14 03:31 . 2011-12-14 03:31 -------- d-----w- c:documents and settingsOwnerLocal SettingsApplication DataAskToolbar

2011-12-12 08:27 . 2011-12-12 08:27 41680 ----a-w- c:windowssystem32driversojolmhjl.sys

2011-12-12 07:27 . 2011-12-12 07:27 41680 ----a-w- c:windowssystem32driversstirordi.sys

2011-12-12 06:28 . 2011-12-12 06:28 41680 ----a-w- c:windowssystem32driverswlmmrjaj.sys

2011-12-12 05:27 . 2011-12-12 05:27 41680 ----a-w- c:windowssystem32driversfgvakngk.sys

2011-12-12 04:28 . 2011-12-12 04:28 41680 ----a-w- c:windowssystem32driversfqkxtuxf.sys

2011-12-12 03:27 . 2011-12-12 03:27 41680 ----a-w- c:windowssystem32driverstofhvchu.sys

2011-12-12 02:27 . 2011-12-12 02:27 41680 ----a-w- c:windowssystem32driversugmhropw.sys

2011-12-12 01:28 . 2011-12-12 01:28 41680 ----a-w- c:windowssystem32driversrqiwbvja.sys

2011-12-11 23:19 . 2011-12-11 23:19 41680 ----a-w- c:windowssystem32driversadicnusb.sys

2011-12-11 23:18 . 2011-12-11 23:18 -------- d-----r- c:documents and settingsOwnerApplication DataBrother

2011-12-11 22:28 . 2011-12-11 22:28 41680 ----a-w- c:windowssystem32driverswjlusrep.sys

2011-12-11 21:27 . 2011-12-11 21:27 41680 ----a-w- c:windowssystem32driverswwnmmgue.sys

2011-12-11 20:28 . 2011-12-11 20:28 41680 ----a-w- c:windowssystem32driverstupbvijw.sys

2011-12-11 18:40 . 2011-12-11 18:40 41680 ----a-w- c:windowssystem32driversgnamnqbd.sys

2011-12-11 17:41 . 2011-12-11 17:41 41680 ----a-w- c:windowssystem32driversrjgmntsf.sys

2011-12-11 15:41 . 2011-12-11 15:41 41680 ----a-w- c:windowssystem32driverstgbtrpnq.sys

2011-12-11 14:48 . 2011-12-11 14:48 41680 ----a-w- c:windowssystem32drivershlcsgkmm.sys

2011-12-07 03:08 . 2011-12-14 03:31 -------- d-----w- C:192e496d20ae25892cce

2011-12-06 18:07 . 2011-12-06 18:07 -------- d-----w- c:documents and settingsAll UsersApplication DataCyberLink

2011-12-06 06:11 . 2011-12-14 03:32 -------- d-----w- c:program filesMicrosoft Security Client

2011-12-06 03:24 . 2011-12-06 03:24 -------- d-----w- c:program filesApple Software Update

2011-12-06 03:08 . 2011-12-06 03:24 -------- d-s---w- c:documents and settingsAdministrator

2011-12-06 00:28 . 2011-12-06 00:28 -------- d-----w- c:documents and settingsOwnerApplication DataParticipatory Culture Foundation

2011-12-06 00:21 . 2011-12-06 00:21 -------- d-----w- c:program filesParticipatory Culture Foundation

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 21:24 . 2011-10-18 00:38 20464 ----a-w- c:windowssystem32driversmbam.sys

2011-12-04 10:01 . 2011-11-25 09:21 459264 ----a-w- c:windowssystem32aaccache20.dll

2011-12-04 10:01 . 2011-11-30 06:45 457728 ----a-w- c:windowssystem32aacprov.dll

2011-12-04 10:01 . 2011-11-29 21:45 459264 ----a-w- c:windowssystem32acpclient.dll

2011-12-04 10:01 . 2011-12-01 01:27 457728 ----a-w- c:windowssystem32atlsvc.dll

2011-12-04 10:01 . 2011-11-30 02:45 457728 ----a-w- c:windowssystem32adtspl.dll

2011-12-04 10:01 . 2011-11-25 04:22 459264 ----a-w- c:windowssystem32certutil.dll

2011-12-04 10:01 . 2011-11-25 06:21 459264 ----a-w- c:windowssystem32cfgdlg.dll

2011-12-04 10:01 . 2011-12-01 03:27 457728 ----a-w- c:windowssystem32commspl32.dll

2011-12-04 10:01 . 2011-11-30 04:45 457728 ----a-w- c:windowssystem32comprov32.dll

2011-12-04 10:01 . 2011-11-25 12:21 459264 ----a-w- c:windowssystem32crtstream.dll

2011-12-04 10:01 . 2011-12-01 00:27 457728 ----a-w- c:windowssystem32cryptstream.dll

2011-12-04 10:01 . 2011-11-30 18:45 457728 ----a-w- c:windowssystem32ctlrgwiz.dll

2011-12-04 10:01 . 2011-11-24 22:18 459264 ----a-w- c:windowssystem32ieprxy.dll

2011-12-04 10:01 . 2011-11-25 14:21 459264 ----a-w- c:windowssystem32imapicfg.dll

2011-12-04 10:01 . 2011-11-30 22:27 457728 ----a-w- c:windowssystem32inetcache20.dll

2011-12-04 10:01 . 2011-11-30 16:45 457728 ----a-w- c:windowssystem32mapidlg.dll

2011-12-04 10:01 . 2011-11-30 14:48 457728 ----a-w- c:windowssystem32imapiinfo32.dll

2011-12-04 10:01 . 2011-11-24 23:21 459264 ----a-w- c:windowssystem32mapistream.dll

2011-12-04 10:01 . 2011-11-25 11:21 459264 ----a-w- c:windowssystem32mmcman.dll

2011-12-04 10:01 . 2011-11-25 02:21 459264 ----a-w- c:windowssystem32netcache32.dll

2011-12-04 10:01 . 2011-11-25 07:21 459264 ----a-w- c:windowssystem32odbcmon.dll

2011-12-04 10:01 . 2011-11-30 23:27 457728 ----a-w- c:windowssystem32odbcsrv10.dll

2011-12-04 10:01 . 2011-11-30 08:45 457728 ----a-w- c:windowssystem32prnman.dll

2011-12-04 10:01 . 2011-11-30 00:45 457728 ----a-w- c:windowssystem32odbcrgwiz.dll

2011-12-04 10:01 . 2011-11-26 02:57 459264 ----a-w- c:windowssystem32prnprf.dll

2011-12-04 10:01 . 2011-11-25 10:21 459264 ----a-w- c:windowssystem32rasspl.dll

2011-12-04 10:01 . 2011-11-30 12:45 457728 ----a-w- c:windowssystem32rpcpack.dll

2011-12-04 10:01 . 2011-11-25 01:21 459264 ----a-w- c:windowssystem32rpcwiz.dll

2011-12-04 10:01 . 2011-11-25 15:22 459264 ----a-w- c:windowssystem32srvnet.dll

2011-12-04 10:00 . 2011-11-30 10:45 457728 ----a-w- c:windowssystem32w32queue.dll

2011-12-04 10:00 . 2011-11-29 23:45 457728 ----a-w- c:windowssystem32syncpack32.dll

2011-12-03 07:29 . 2011-11-25 17:22 459264 ----a-w- c:windowssystem32cryptres.dll

2011-12-02 18:19 . 2011-12-02 12:36 457728 ----a-w- c:windowssystem32halres.dll

2011-12-02 18:19 . 2011-11-30 20:45 457728 ----a-w- c:windowssystem32authres.dll

2011-12-02 13:24 . 2011-11-26 03:58 459264 ----a-w- c:windowssystem32bcdapi.dll

2011-11-23 13:25 . 2005-03-23 16:53 1859584 ----a-w- c:windowssystem32win32k.sys

2011-11-21 10:47 . 2010-09-17 03:04 6823496 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2011-11-05 18:57 . 2003-03-19 13:14 499712 ----a-w- c:windowssystem32msvcp71.dll

2011-11-04 19:20 . 2005-03-23 16:53 916992 ----a-w- c:windowssystem32wininet.dll

2011-11-04 19:20 . 2005-03-23 16:52 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-11-04 19:20 . 2005-03-23 16:52 1469440 ------w- c:windowssystem32inetcpl.cpl

2011-11-04 11:23 . 2005-03-23 16:52 385024 ----a-w- c:windowssystem32html.iec

2011-11-01 16:07 . 2005-03-23 16:52 1288704 ----a-w- c:windowssystem32ole32.dll

2011-10-28 05:31 . 2005-03-23 16:52 33280 ----a-w- c:windowssystem32csrsrv.dll

2011-10-25 13:33 . 2005-03-23 16:52 2192768 ----a-w- c:windowssystem32ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:windowssystem32ntkrnlpa.exe

2011-10-18 12:28 . 2011-10-18 12:28 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-18 11:13 . 2005-03-23 16:52 186880 ----a-w- c:windowssystem32encdec.dll

2011-10-10 14:22 . 2005-03-23 18:10 692736 ----a-w- c:windowssystem32inetcomm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzYxNzMwMTU2LUZMMTArMS1YTzEwKzExLUxJQysyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=f5e0687ab8f947d1a09bd1686f011352-06ce4fc639803a2e3563922518183d8e94088cb9" [?]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2010-02-28 519584]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupStatus Monitor.lnk

backup=c:windowspssStatus Monitor.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupWindows Search.lnk

backup=c:windowspssWindows Search.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Alert.lnk]

path=c:documents and settingsOwnerStart MenuProgramsStartupDesktop Alert.lnk

backup=c:windowspssDesktop Alert.lnkStartup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAppleSyncNotifier]

2011-04-20 17:48 58656 ----a-w- c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATIPTA]

2005-03-18 04:05 339968 ----a-w- c:program filesATI TechnologiesATI Control Panelatiptaxx.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBigDogPath]

2003-01-21 20:19 40960 ----a-w- c:windowsVM_STI.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregControlCenter2.0]

2004-07-20 14:34 851968 ----a-w- c:program filesBrotherControlCenter2brctrcen.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:windowssystem32ctfmon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIndexSearch]

2004-04-14 20:04 40960 ----a-w- c:program filesScanSoftPaperPortIndexSearch.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]

2011-04-27 06:22 421160 ----a-w- c:program filesiTunesiTunesHelper.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMessenger (Yahoo!)]

2010-06-01 15:17 5252408 ----a-w- c:progra~1Yahoo!MessengerYahooMessenger.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSSE]

2010-09-15 11:34 1094224 ----a-w- c:program filesMicrosoft Security Essentialsmsseces.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:windowssystem32NeroCheck.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPaperPort PTD]

2004-04-14 19:46 57393 ----a-w- c:program filesScanSoftPaperPortpptd40nt.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecguard]

2002-09-14 06:42 212992 ----a-w- c:windowsSMINSTRecguard.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]

2004-11-03 01:24 32768 ----a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSetDefPrt]

2004-05-25 14:16 49152 ------w- c:program filesBrotherBrmfl04aBrStDvPt.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]

2011-06-15 20:02 15141768 ----a-r- c:program filesSkypePhoneSkype.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]

2004-12-01 23:54 77824 ----a-w- c:windowsSOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSSBkgdUpdate]

2003-10-14 15:22 155648 ----a-r- c:program filesCommon FilesScanSoft SharedSSBkgdUpdateSSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunKistEM]

2004-11-15 22:04 135168 ----a-w- c:program filesDigital Media ReadershwiconEM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:program filesTomTom HOME 2TomTomHOMERunner.exe

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesYahoo!MessengerYahooMessenger.exe"=

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesiTunesiTunes.exe"=

"c:Program FilesSkypePhoneSkype.exe"=

.

R1 atazazvi;atazazvi;c:windowssystem32driversatazazvi.sys [x]

R1 beuiwanw;beuiwanw;c:windowssystem32driversbeuiwanw.sys [x]

R1 bozhsczl;bozhsczl;c:windowssystem32driversbozhsczl.sys [x]

R1 bwmubxqs;bwmubxqs;c:windowssystem32driversbwmubxqs.sys [x]

R1 cerhqgfd;cerhqgfd;c:windowssystem32driverscerhqgfd.sys [x]

R1 cfeztjyj;cfeztjyj;c:windowssystem32driverscfeztjyj.sys [x]

R1 cgweoqxu;cgweoqxu;c:windowssystem32driverscgweoqxu.sys [x]

R1 czaacyhy;czaacyhy;c:windowssystem32driversczaacyhy.sys [x]

R1 dbhrlpbn;dbhrlpbn;c:windowssystem32driversdbhrlpbn.sys [x]

R1 dfdikjza;dfdikjza;c:windowssystem32driversdfdikjza.sys [x]

R1 dflmbagz;dflmbagz;c:windowssystem32driversdflmbagz.sys [x]

R1 djrnsdvk;djrnsdvk;c:windowssystem32driversdjrnsdvk.sys [x]

R1 dlsobddj;dlsobddj;c:windowssystem32driversdlsobddj.sys [x]

R1 dyiejrpu;dyiejrpu;c:windowssystem32driversdyiejrpu.sys [x]

R1 eovluipf;eovluipf;c:windowssystem32driverseovluipf.sys [x]

R1 epbpdrdb;epbpdrdb;c:windowssystem32driversepbpdrdb.sys [x]

R1 gqyyceww;gqyyceww;c:windowssystem32driversgqyyceww.sys [x]

R1 grlxaazh;grlxaazh;c:windowssystem32driversgrlxaazh.sys [x]

R1 iiwrrlvq;iiwrrlvq;c:windowssystem32driversiiwrrlvq.sys [x]

R1 jhkomrnc;jhkomrnc;c:windowssystem32driversjhkomrnc.sys [x]

R1 kueazaew;kueazaew;c:windowssystem32driverskueazaew.sys [x]

R1 ldutfuif;ldutfuif;c:windowssystem32driversldutfuif.sys [x]

R1 lhptwgkc;lhptwgkc;c:windowssystem32driverslhptwgkc.sys [x]

R1 lkdiflmt;lkdiflmt;c:windowssystem32driverslkdiflmt.sys [x]

R1 llldxwoj;llldxwoj;c:windowssystem32driversllldxwoj.sys [x]

R1 MpKsl041785b4;MpKsl041785b4;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}MpKsl041785b4.sys [x]

R1 MpKsl04ace497;MpKsl04ace497;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}MpKsl04ace497.sys [x]

R1 MpKsl059ec4a8;MpKsl059ec4a8;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAFC5781-F57E-4234-B283-5D3F2B556E90}MpKsl059ec4a8.sys [x]

R1 MpKsl0f3f07bb;MpKsl0f3f07bb;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E0E1F894-33C6-4985-A32F-BB3B6BBAA57B}MpKsl0f3f07bb.sys [x]

R1 MpKsl0ffc53b4;MpKsl0ffc53b4;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{D3401703-C036-4817-8162-DD84115A7C03}MpKsl0ffc53b4.sys [x]

R1 MpKsl14dc7263;MpKsl14dc7263;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{0CAADE4F-6DAC-4951-A650-B7760EBC5E4B}MpKsl14dc7263.sys [x]

R1 MpKsl1a132f66;MpKsl1a132f66;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{8FCEC918-CB82-41F7-82D2-1B06FB26A933}MpKsl1a132f66.sys [x]

R1 MpKsl1b64075b;MpKsl1b64075b;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{5AF00CFD-3C9B-4E7B-8317-ABA631DAD3A1}MpKsl1b64075b.sys [x]

R1 MpKsl21501628;MpKsl21501628;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}MpKsl21501628.sys [x]

R1 MpKsl3426e806;MpKsl3426e806;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{049F7735-8464-47D7-9B35-DEEE08FD987B}MpKsl3426e806.sys [x]

R1 MpKsl40ba36d7;MpKsl40ba36d7;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}MpKsl40ba36d7.sys [x]

R1 MpKsl42194ebe;MpKsl42194ebe;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{114DC8B9-1F00-41CF-8DCB-D1903919F881}MpKsl42194ebe.sys [x]

R1 MpKsl46ad5bf5;MpKsl46ad5bf5;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{F7F4A1B3-384D-4433-8E89-46D0A673FADB}MpKsl46ad5bf5.sys [x]

R1 MpKsl47ad3348;MpKsl47ad3348;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{F4567C5B-8FBC-47B5-B28C-485BA1D4E43E}MpKsl47ad3348.sys [x]

R1 MpKsl4c40c17d;MpKsl4c40c17d;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{69BFCE84-C29D-4EAA-84E0-EC59F44C0F7E}MpKsl4c40c17d.sys [x]

R1 MpKsl508b2718;MpKsl508b2718;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{47517185-D7B8-43C4-B442-1F191D45FCFA}MpKsl508b2718.sys [x]

R1 MpKsl5788ea9f;MpKsl5788ea9f;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{3BA4A78C-EEAE-45A9-995C-2CFFCB4D911A}MpKsl5788ea9f.sys [x]

R1 MpKsl5d1d0e2a;MpKsl5d1d0e2a;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E70258D5-564D-485A-BC8C-27C18B09BCB7}MpKsl5d1d0e2a.sys [x]

R1 MpKsl68017f38;MpKsl68017f38;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1A1A27B1-5C41-488F-928A-2077E90DE80C}MpKsl68017f38.sys [x]

R1 MpKsl6955d0d1;MpKsl6955d0d1;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{118C703C-D0FC-4975-9D42-7B1712F17395}MpKsl6955d0d1.sys [x]

R1 MpKsl6be03382;MpKsl6be03382;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B431DCD1-9111-4F6F-A836-52429E603B52}MpKsl6be03382.sys [x]

R1 MpKsl70127f5f;MpKsl70127f5f;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAD30D41-3562-49A4-BB90-0C535B871506}MpKsl70127f5f.sys [x]

R1 MpKsl78af9377;MpKsl78af9377;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{993A047F-896E-4519-8219-CF46A43AD966}MpKsl78af9377.sys [x]

R1 MpKsl792635ce;MpKsl792635ce;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAFC5781-F57E-4234-B283-5D3F2B556E90}MpKsl792635ce.sys [x]

R1 MpKsl818eb5cd;MpKsl818eb5cd;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{79A5785F-D06A-4CAE-8F9E-BDF00E311AEE}MpKsl818eb5cd.sys [x]

R1 MpKsl8af57843;MpKsl8af57843;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{6B4E96A8-50BB-4527-A976-C724E2130812}MpKsl8af57843.sys [x]

R1 MpKsl9e543ae1;MpKsl9e543ae1;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{8BF20083-4848-48C5-BEE0-C8A4FC0FA253}MpKsl9e543ae1.sys [x]

R1 MpKsla196fd05;MpKsla196fd05;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{BC4D29EE-71D6-4322-81A4-4B05E70FD07E}MpKsla196fd05.sys [x]

R1 MpKsla6cddc86;MpKsla6cddc86;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1EB2833A-3265-4258-9D2B-6E23452CC05A}MpKsla6cddc86.sys [x]

R1 MpKslac06dc1a;MpKslac06dc1a;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7981E9A2-C74B-48A7-8731-529B3098EB70}MpKslac06dc1a.sys [x]

R1 MpKslad78c156;MpKslad78c156;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{EEFE04D5-7DFA-4623-9A45-2EE8B84306A3}MpKslad78c156.sys [x]

R1 MpKslba1f3005;MpKslba1f3005;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{326310B3-6D31-4373-A3CE-50F5AC51A77B}MpKslba1f3005.sys [x]

R1 MpKslbb1aa00d;MpKslbb1aa00d;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}MpKslbb1aa00d.sys [x]

R1 MpKslbbb7477e;MpKslbbb7477e;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E084E324-B3F6-4CB4-97A0-1260521363A2}MpKslbbb7477e.sys [x]

R1 MpKslbe2942c8;MpKslbe2942c8;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C00602DA-C65F-41D9-B2C6-595FBBA384EC}MpKslbe2942c8.sys [x]

R1 MpKslc346ca72;MpKslc346ca72;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{300746C3-0C61-4EF3-A2E6-E3FD00FCFD96}MpKslc346ca72.sys [x]

R1 MpKslc7e435c0;MpKslc7e435c0;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{993A047F-896E-4519-8219-CF46A43AD966}MpKslc7e435c0.sys [x]

R1 MpKslca02702e;MpKslca02702e;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{06EE09F7-3601-4F34-8BEC-29BFC1460335}MpKslca02702e.sys [x]

R1 MpKslce228fc3;MpKslce228fc3;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B1C46A61-9822-4385-A442-D21F1C0CAF01}MpKslce228fc3.sys [x]

R1 MpKsle09f4daf;MpKsle09f4daf;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{933C57ED-8A63-4D1D-A705-FE9B6108143E}MpKsle09f4daf.sys [x]

R1 MpKsle63cd9bc;MpKsle63cd9bc;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{008B3206-7D59-49B8-AE05-0A6695B688AA}MpKsle63cd9bc.sys [x]

R1 MpKsle9ff5327;MpKsle9ff5327;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{69F7358A-DD05-4EBA-A5F8-4F1922E74031}MpKsle9ff5327.sys [x]

R1 MpKslec6256e7;MpKslec6256e7;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}MpKslec6256e7.sys [x]

R1 MpKslf0b7504d;MpKslf0b7504d;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{A454A123-D4E9-4EF0-8335-539FC4209F36}MpKslf0b7504d.sys [x]

R1 MpKslf0e1dc77;MpKslf0e1dc77;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1EB2833A-3265-4258-9D2B-6E23452CC05A}MpKslf0e1dc77.sys [x]

R1 MpKslfba14a47;MpKslfba14a47;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C8B47794-3C7E-4A23-A54F-1310F6BB13FB}MpKslfba14a47.sys [x]

R1 MpKslfbf17d03;MpKslfbf17d03;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B431DCD1-9111-4F6F-A836-52429E603B52}MpKslfbf17d03.sys [x]

R1 mypyslaw;mypyslaw;c:windowssystem32driversmypyslaw.sys [x]

R1 qqnrwxmj;qqnrwxmj;c:windowssystem32driversqqnrwxmj.sys [x]

R1 rtwoadno;rtwoadno;c:windowssystem32driversrtwoadno.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 136176]

R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 136176]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4640000]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [2010-03-18 753504]

S1 MpKsl1f3a6a2c;MpKsl1f3a6a2c;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}MpKsl1f3a6a2c.sys [2012-01-04 29904]

S2 cvhsvc;Client Virtualization Handler;c:program filesCommon FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2010-10-20 821664]

S2 LinksysUpdater;Linksys Updater;c:program filesLinksysLinksys UpdaterbinLinksysUpdater.exe [2008-01-15 204800]

S2 sftlist;Application Virtualization Client;c:program filesMicrosoft Application Virtualization Clientsftlist.exe [2010-09-14 508264]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfsxp.sys [2010-09-14 581480]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplayxp.sys [2010-09-14 209640]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirxp.sys [2010-09-14 20584]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvolxp.sys [2010-09-14 18280]

S3 sftvsa;Application Virtualization Service Agent;c:program filesMicrosoft Application Virtualization Clientsftvsa.exe [2010-09-14 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL1F3A6A2C

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-31 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-12-06 17:50]

.

2012-01-04 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-04 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-04 c:windowsTasksMP Scheduled Scan.job

- c:program filesMicrosoft Security EssentialsMpCmdRun.exe [2010-03-26 04:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com/?ilc=8

uInternet Connection Wizard,ShellNext = "c:program filesOutlook Expressmsimn.exe"

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 20:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:windowsTEMPTMP000000013BCC041E850C1D2F 524288 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS.DefaultSoftwareMicrosoftInternet ExplorerUser Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ef,d6,b2,9c,cc,4c,4c,a8,18,b9,

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ef,d6,b2,9c,cc,4c,4c,a8,18,b9,

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(808)

c:windowssystem32Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3984)

c:windowssystem32WININET.dll

c:program filesWindows Desktop Searchdeskbar.dll

c:program filesWindows Desktop Searchen-usdbres.dll.mui

c:program filesWindows Desktop Searchdbres.dll

c:program filesWindows Desktop Searchwordwheel.dll

c:program filesWindows Desktop Searchen-usmsnlExtRes.dll.mui

c:program filesWindows Desktop SearchmsnlExtRes.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

c:windowssystem32WPDShServiceObj.dll

c:windowssystem32PortableDeviceTypes.dll

c:windowssystem32PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:windowssystem32Ati2evxx.exe

c:program filesMicrosoft Security EssentialsMsMpEng.exe

c:windowssystem32Ati2evxx.exe

c:windowssystem32brsvc01a.exe

c:windowssystem32brss01a.exe

c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:program filesBonjourmDNSResponder.exe

c:windowssystem32Brmfrmps.exe

c:program filesJavajre6binjqs.exe

c:program filesCommon FilesNew BoundaryPrismXLPRISMXL.SYS

c:windowssystem32java.exe

c:program filesYahoo!SoftwareUpdateYahooAUService.exe

c:windowssystem32SearchIndexer.exe

c:windowssystem32wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-01-03 21:16:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-04 03:15

.

Pre-Run: 54,166,200,320 bytes free

Post-Run: 54,481,838,080 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS

[operating systems]

c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 1168ACBA6B3097128800D649B617ADE0


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    AppInit_DLLs: halres.dll
    
    File::
    c:\windows\system32\aaccache20.dll
    c:\windows\system32\aacprov.dll
    c:\windows\system32\acpclient.dll
    c:\windows\system32\atlsvc.dll
    c:\windows\system32\adtspl.dll
    c:\windows\system32\certutil.dll
    c:\windows\system32\cfgdlg.dll
    c:\windows\system32\commspl32.dll
    c:\windows\system32\comprov32.dll
    c:\windows\system32\crtstream.dll
    c:\windows\system32\cryptstream.dll
    c:\windows\system32\ctlrgwiz.dll
    c:\windows\system32\ieprxy.dll
    c:\windows\system32\imapicfg.dll
    c:\windows\system32\inetcache20.dll
    c:\windows\system32\mapidlg.dll
    c:\windows\system32\imapiinfo32.dll
    c:\windows\system32\mapistream.dll
    c:\windows\system32\mmcman.dll
    c:\windows\system32\netcache32.dll
    c:\windows\system32\odbcmon.dll
    c:\windows\system32\odbcsrv10.dll
    c:\windows\system32\prnman.dll
    c:\windows\system32\odbcrgwiz.dll
    c:\windows\system32\prnprf.dll
    c:\windows\system32\rasspl.dll
    c:\windows\system32\rpcpack.dll
    c:\windows\system32\rpcwiz.dll
    c:\windows\system32\srvnet.dll
    c:\windows\system32\w32queue.dll
    c:\windows\system32\syncpack32.dll
    c:\windows\system32\cryptres.dll
    c:\windows\system32\halres.dll
    c:\windows\system32\authres.dll
    c:\windows\system32\bcdapi.dll
    c:\windows\system32\drivers\rtwoadno.sys
    c:\windows\system32\drivers\qqnrwxmj.sys
    c:\windows\system32\drivers\mypyslaw.sys
    c:\windows\system32\drivers\llldxwoj.sys
    c:\windows\system32\drivers\lkdiflmt.sys
    c:\windows\system32\drivers\lhptwgkc.sys
    c:\windows\system32\drivers\ldutfuif.sys
    c:\windows\system32\drivers\kueazaew.sys
    c:\windows\system32\drivers\jhkomrnc.sys
    c:\windows\system32\drivers\iiwrrlvq.sys
    c:\windows\system32\drivers\grlxaazh.sys
    c:\windows\system32\drivers\gqyyceww.sys
    c:\windows\system32\drivers\epbpdrdb.sys
    c:\windows\system32\drivers\eovluipf.sys
    c:\windows\system32\drivers\dyiejrpu.sys
    c:\windows\system32\drivers\dlsobddj.sys
    c:\windows\system32\drivers\djrnsdvk.sys
    c:\windows\system32\drivers\dflmbagz.sys
    c:\windows\system32\drivers\dfdikjza.sys
    c:\windows\system32\drivers\dbhrlpbn.sys
    c:\windows\system32\drivers\czaacyhy.sys
    c:\windows\system32\drivers\cgweoqxu.sys
    c:\windows\system32\drivers\cfeztjyj.sys
    c:\windows\system32\drivers\cerhqgfd.sys
    c:\windows\system32\drivers\bwmubxqs.sys
    c:\windows\system32\drivers\bozhsczl.sys
    c:\windows\system32\drivers\beuiwanw.sys
    c:\windows\system32\drivers\atazazvi.sys
    c:\windows\system32\drivers\wjlusrep.sys
    c:\windows\system32\drivers\wwnmmgue.sys
    c:\windows\system32\drivers\tupbvijw.sys
    c:\windows\system32\drivers\gnamnqbd.sys
    c:\windows\system32\drivers\rjgmntsf.sys
    c:\windows\system32\drivers\tgbtrpnq.sys
    c:\windows\system32\drivers\hlcsgkmm.sys
    c:\windows\system32\drivers\ojolmhjl.sys
    c:\windows\system32\drivers\stirordi.sys
    c:\windows\system32\drivers\wlmmrjaj.sys
    c:\windows\system32\drivers\fgvakngk.sys
    c:\windows\system32\drivers\fqkxtuxf.sys
    c:\windows\system32\drivers\tofhvchu.sys
    c:\windows\system32\drivers\ugmhropw.sys
    c:\windows\system32\drivers\rqiwbvja.sys
    c:\windows\system32\drivers\adicnusb.sys
    
    Folder::
    c:\program files\Ask.com
    c:\documents and settings\owner\local settings\application data\AskToolbar
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    Driver::
    rtwoadno
    qqnrwxmj
    mypyslaw
    llldxwoj
    lkdiflmt
    lhptwgkc
    ldutfuif
    kueazaew
    jhkomrnc
    iiwrrlvq
    grlxaazh
    gqyyceww
    epbpdrdb
    eovluipf
    dyiejrpu
    dlsobddj
    djrnsdvk
    dflmbagz
    dfdikjza
    dbhrlpbn
    czaacyhy
    cgweoqxu
    cfeztjyj
    cerhqgfd
    bwmubxqs
    bozhsczl
    beuiwanw
    atazazvi
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------


Thank you. I'm sorry I took a while to reply. I didn't see this this morning. I'm trying to respond as quickly as possible so I don't waste anyone's time. I certainly appreciate your help.

ComboFix 12-01-04.03 - Owner 01/04/2012 17:31:40.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.127 [GMT -6:00]

Running from: c:documents and settingsOwnerDesktopComboFix.exe

Command switches used :: c:documents and settingsOwnerDesktopCFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

FILE ::

"c:windowssystem32aaccache20.dll"

"c:windowssystem32aacprov.dll"

"c:windowssystem32acpclient.dll"

"c:windowssystem32adtspl.dll"

"c:windowssystem32atlsvc.dll"

"c:windowssystem32authres.dll"

"c:windowssystem32bcdapi.dll"

"c:windowssystem32certutil.dll"

"c:windowssystem32cfgdlg.dll"

"c:windowssystem32commspl32.dll"

"c:windowssystem32comprov32.dll"

"c:windowssystem32crtstream.dll"

"c:windowssystem32cryptres.dll"

"c:windowssystem32cryptstream.dll"

"c:windowssystem32ctlrgwiz.dll"

"c:windowssystem32driversadicnusb.sys"

"c:windowssystem32driversatazazvi.sys"

"c:windowssystem32driversbeuiwanw.sys"

"c:windowssystem32driversbozhsczl.sys"

"c:windowssystem32driversbwmubxqs.sys"

"c:windowssystem32driverscerhqgfd.sys"

"c:windowssystem32driverscfeztjyj.sys"

"c:windowssystem32driverscgweoqxu.sys"

"c:windowssystem32driversczaacyhy.sys"

"c:windowssystem32driversdbhrlpbn.sys"

"c:windowssystem32driversdfdikjza.sys"

"c:windowssystem32driversdflmbagz.sys"

"c:windowssystem32driversdjrnsdvk.sys"

"c:windowssystem32driversdlsobddj.sys"

"c:windowssystem32driversdyiejrpu.sys"

"c:windowssystem32driverseovluipf.sys"

"c:windowssystem32driversepbpdrdb.sys"

"c:windowssystem32driversfgvakngk.sys"

"c:windowssystem32driversfqkxtuxf.sys"

"c:windowssystem32driversgnamnqbd.sys"

"c:windowssystem32driversgqyyceww.sys"

"c:windowssystem32driversgrlxaazh.sys"

"c:windowssystem32drivershlcsgkmm.sys"

"c:windowssystem32driversiiwrrlvq.sys"

"c:windowssystem32driversjhkomrnc.sys"

"c:windowssystem32driverskueazaew.sys"

"c:windowssystem32driversldutfuif.sys"

"c:windowssystem32driverslhptwgkc.sys"

"c:windowssystem32driverslkdiflmt.sys"

"c:windowssystem32driversllldxwoj.sys"

"c:windowssystem32driversmypyslaw.sys"

"c:windowssystem32driversojolmhjl.sys"

"c:windowssystem32driversqqnrwxmj.sys"

"c:windowssystem32driversrjgmntsf.sys"

"c:windowssystem32driversrqiwbvja.sys"

"c:windowssystem32driversrtwoadno.sys"

"c:windowssystem32driversstirordi.sys"

"c:windowssystem32driverstgbtrpnq.sys"

"c:windowssystem32driverstofhvchu.sys"

"c:windowssystem32driverstupbvijw.sys"

"c:windowssystem32driversugmhropw.sys"

"c:windowssystem32driverswjlusrep.sys"

"c:windowssystem32driverswlmmrjaj.sys"

"c:windowssystem32driverswwnmmgue.sys"

"c:windowssystem32halres.dll"

"c:windowssystem32ieprxy.dll"

"c:windowssystem32imapicfg.dll"

"c:windowssystem32imapiinfo32.dll"

"c:windowssystem32inetcache20.dll"

"c:windowssystem32mapidlg.dll"

"c:windowssystem32mapistream.dll"

"c:windowssystem32mmcman.dll"

"c:windowssystem32netcache32.dll"

"c:windowssystem32odbcmon.dll"

"c:windowssystem32odbcrgwiz.dll"

"c:windowssystem32odbcsrv10.dll"

"c:windowssystem32prnman.dll"

"c:windowssystem32prnprf.dll"

"c:windowssystem32rasspl.dll"

"c:windowssystem32rpcpack.dll"

"c:windowssystem32rpcwiz.dll"

"c:windowssystem32srvnet.dll"

"c:windowssystem32syncpack32.dll"

"c:windowssystem32w32queue.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

Infected copy of c:windowssystem32userinit.exe was found and disinfected

Restored copy from - c:windowsERDNTcacheuserinit.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

.

((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))

.

.

2012-01-04 23:48 . 2012-01-04 23:48 29904 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}MpKslc97961a0.sys

2012-01-04 23:48 . 2012-01-04 23:48 56200 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}offreg.dll

2012-01-03 22:57 . 2011-11-21 10:47 6823496 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}mpengine.dll

2011-12-28 01:53 . 2011-12-28 01:53 -------- d-----w- c:program filesZOOM

2011-12-14 22:07 . 2011-12-14 22:07 458752 ----a-w- c:windowssystem32aclperf.dll

2011-12-14 20:18 . 2011-12-14 20:18 458752 ----a-w- c:windowssystem32bootdlg.dll

2011-12-14 19:18 . 2011-12-14 19:18 458752 ----a-w- c:windowssystem32iasmgr10.dll

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:windowssystem32wbemRepository

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:program filesMicrosoft Security Essentials

2011-12-11 23:18 . 2011-12-11 23:18 -------- d-----r- c:documents and settingsOwnerApplication DataBrother

2011-12-07 03:08 . 2011-12-14 03:31 -------- d-----w- C:192e496d20ae25892cce

2011-12-06 18:07 . 2011-12-06 18:07 -------- d-----w- c:documents and settingsAll UsersApplication DataCyberLink

2011-12-06 06:11 . 2011-12-14 03:32 -------- d-----w- c:program filesMicrosoft Security Client

2011-12-06 03:24 . 2011-12-06 03:24 -------- d-----w- c:program filesApple Software Update

2011-12-06 03:08 . 2011-12-06 03:24 -------- d-s---w- c:documents and settingsAdministrator

2011-12-06 00:28 . 2011-12-06 00:28 -------- d-----w- c:documents and settingsOwnerApplication DataParticipatory Culture Foundation

2011-12-06 00:21 . 2011-12-06 00:21 -------- d-----w- c:program filesParticipatory Culture Foundation

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 21:24 . 2011-10-18 00:38 20464 ----a-w- c:windowssystem32driversmbam.sys

2011-11-23 13:25 . 2005-03-23 16:53 1859584 ----a-w- c:windowssystem32win32k.sys

2011-11-21 10:47 . 2010-09-17 03:04 6823496 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2011-11-05 18:57 . 2003-03-19 13:14 499712 ----a-w- c:windowssystem32msvcp71.dll

2011-11-04 19:20 . 2005-03-23 16:53 916992 ----a-w- c:windowssystem32wininet.dll

2011-11-04 19:20 . 2005-03-23 16:52 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-11-04 19:20 . 2005-03-23 16:52 1469440 ------w- c:windowssystem32inetcpl.cpl

2011-11-04 11:23 . 2005-03-23 16:52 385024 ----a-w- c:windowssystem32html.iec

2011-11-01 16:07 . 2005-03-23 16:52 1288704 ----a-w- c:windowssystem32ole32.dll

2011-10-28 05:31 . 2005-03-23 16:52 33280 ----a-w- c:windowssystem32csrsrv.dll

2011-10-25 13:33 . 2005-03-23 16:52 2192768 ----a-w- c:windowssystem32ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:windowssystem32ntkrnlpa.exe

2011-10-18 12:28 . 2011-10-18 12:28 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-18 11:13 . 2005-03-23 16:52 186880 ----a-w- c:windowssystem32encdec.dll

2011-10-10 14:22 . 2005-03-23 18:10 692736 ----a-w- c:windowssystem32inetcomm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzYxNzMwMTU2LUZMMTArMS1YTzEwKzExLUxJQysyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=f5e0687ab8f947d1a09bd1686f011352-06ce4fc639803a2e3563922518183d8e94088cb9" [?]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2010-02-28 519584]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupStatus Monitor.lnk

backup=c:windowspssStatus Monitor.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupWindows Search.lnk

backup=c:windowspssWindows Search.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Alert.lnk]

path=c:documents and settingsOwnerStart MenuProgramsStartupDesktop Alert.lnk

backup=c:windowspssDesktop Alert.lnkStartup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAppleSyncNotifier]

2011-04-20 17:48 58656 ----a-w- c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATIPTA]

2005-03-18 04:05 339968 ----a-w- c:program filesATI TechnologiesATI Control Panelatiptaxx.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBigDogPath]

2003-01-21 20:19 40960 ----a-w- c:windowsVM_STI.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregControlCenter2.0]

2004-07-20 14:34 851968 ----a-w- c:program filesBrotherControlCenter2brctrcen.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:windowssystem32ctfmon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIndexSearch]

2004-04-14 20:04 40960 ----a-w- c:program filesScanSoftPaperPortIndexSearch.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]

2011-04-27 06:22 421160 ----a-w- c:program filesiTunesiTunesHelper.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMessenger (Yahoo!)]

2010-06-01 15:17 5252408 ----a-w- c:progra~1Yahoo!MessengerYahooMessenger.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSSE]

2010-09-15 11:34 1094224 ----a-w- c:program filesMicrosoft Security Essentialsmsseces.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:windowssystem32NeroCheck.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPaperPort PTD]

2004-04-14 19:46 57393 ----a-w- c:program filesScanSoftPaperPortpptd40nt.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecguard]

2002-09-14 06:42 212992 ----a-w- c:windowsSMINSTRecguard.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]

2004-11-03 01:24 32768 ----a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSetDefPrt]

2004-05-25 14:16 49152 ------w- c:program filesBrotherBrmfl04aBrStDvPt.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]

2011-06-15 20:02 15141768 ----a-r- c:program filesSkypePhoneSkype.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]

2004-12-01 23:54 77824 ----a-w- c:windowsSOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSSBkgdUpdate]

2003-10-14 15:22 155648 ----a-r- c:program filesCommon FilesScanSoft SharedSSBkgdUpdateSSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunKistEM]

2004-11-15 22:04 135168 ----a-w- c:program filesDigital Media ReadershwiconEM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:program filesTomTom HOME 2TomTomHOMERunner.exe

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesYahoo!MessengerYahooMessenger.exe"=

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesiTunesiTunes.exe"=

"c:Program FilesSkypePhoneSkype.exe"=

.

R1 MpKslc97961a0;MpKslc97961a0;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}MpKslc97961a0.sys [1/4/2012 5:48 PM 29904]

R2 cvhsvc;Client Virtualization Handler;c:program filesCommon FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [10/20/2010 3:23 PM 821664]

R2 LinksysUpdater;Linksys Updater;c:program filesLinksysLinksys UpdaterbinLinksysUpdater.exe [1/15/2008 11:28 AM 204800]

R2 sftlist;Application Virtualization Client;c:program filesMicrosoft Application Virtualization Clientsftlist.exe [9/14/2010 5:46 AM 508264]

R3 Sftfs;Sftfs;c:windowssystem32driversSftfsxp.sys [12/2/2009 9:23 PM 581480]

R3 Sftplay;Sftplay;c:windowssystem32driversSftplayxp.sys [12/2/2009 9:23 PM 209640]

R3 Sftredir;Sftredir;c:windowssystem32driversSftredirxp.sys [12/2/2009 9:23 PM 20584]

R3 Sftvol;Sftvol;c:windowssystem32driversSftvolxp.sys [12/2/2009 9:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:program filesMicrosoft Application Virtualization Clientsftvsa.exe [9/14/2010 5:46 AM 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [11/5/2011 12:51 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [11/5/2011 12:51 PM 136176]

S3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLC97961A0

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-31 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-12-06 17:50]

.

2012-01-04 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-04 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-04 c:windowsTasksMP Scheduled Scan.job

- c:program filesMicrosoft Security EssentialsMpCmdRun.exe [2010-03-26 04:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com/?ilc=8

uInternet Connection Wizard,ShellNext = "c:program filesOutlook Expressmsimn.exe"

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-04 17:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(808)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3484)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\brss01a.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\Brmfrmps.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\java.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-01-04 17:58:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-04 23:58

ComboFix2.txt 2012-01-04 03:16

.

Pre-Run: 54,460,497,920 bytes free

Post-Run: 54,351,077,376 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 620013C5439999268D34433577DF8204


Hi,

 

Thank you. I'm sorry I took awhile to reply. I didn't see this this morning. I'm trying to respond as quickly as possible so I don't waste anyone's time.

You aren't wasting my time at all. :)

--------

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    
    c:\windows\system32\aclperf.dll
    
    c:\windows\system32\bootdlg.dll
    
    c:\windows\system32\iasmgr10.dll
    
    DirLook::
    
    c:\program files\ZOOM
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

 

 

I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.

----------

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

 

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/

----------

 

In your next reply please post the logs created by ComboFix, Malwarebytes and ESET online scanner. :)


ESETScan.txt

ComboFix 12-01-04.03 - Owner 01/04/2012 20:13:53.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.160 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))

.

.

2012-01-05 00:05 . 2012-01-05 00:05 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\MpKsl1a23e355.sys

2012-01-05 00:03 . 2012-01-05 00:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\offreg.dll

2012-01-05 00:03 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\mpengine.dll

2011-12-28 01:53 . 2011-12-28 01:53 -------- d-----w- c:\program files\ZOOM

2011-12-14 22:07 . 2011-12-14 22:07 458752 ----a-w- c:\windows\system32\aclperf.dll

2011-12-14 20:18 . 2011-12-14 20:18 458752 ----a-w- c:\windows\system32\bootdlg.dll

2011-12-14 19:18 . 2011-12-14 19:18 458752 ----a-w- c:\windows\system32\iasmgr10.dll

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:\program files\Microsoft Security Essentials

2011-12-11 23:18 . 2011-12-11 23:18 -------- d-----r- c:\documents and settings\Owner\Application Data\Brother

2011-12-07 03:08 . 2011-12-14 03:31 -------- d-----w- C:\192e496d20ae25892cce

2011-12-06 18:07 . 2011-12-06 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2011-12-06 06:11 . 2011-12-14 03:32 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-06 03:24 . 2011-12-06 03:24 -------- d-----w- c:\program files\Apple Software Update

2011-12-06 03:08 . 2011-12-06 03:24 -------- d-s---w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-04 09:26 . 2010-09-16 02:42 236576 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 21:24 . 2011-10-18 00:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25 . 2005-03-23 16:53 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2010-09-17 03:04 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-05 18:57 . 2003-03-19 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-11-04 19:20 . 2005-03-23 16:53 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2005-03-23 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2005-03-23 16:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2005-03-23 16:52 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2005-03-23 16:52 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2005-03-23 16:52 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2005-03-23 16:52 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 12:28 . 2011-10-18 12:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 11:13 . 2005-03-23 16:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2005-03-23 18:10 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

.

((((((((((((((((((((((((((((( [email protected]_23.50.02 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/w...8183d8e94088cb9" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk

backup=c:\windows\pss\Status Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Alert.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Desktop Alert.lnk

backup=c:\windows\pss\Desktop Alert.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-03-18 04:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

2003-01-21 20:19 40960 ----a-w- c:\windows\VM_STI.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2004-07-20 14:34 851968 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2004-04-14 20:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]

2010-09-15 11:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

2004-05-25 14:16 49152 ------w- c:\program files\Brother\Brmfl04a\BrStDvPt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-12-01 23:54 77824 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 MpKsl1a23e355;MpKsl1a23e355;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\MpKsl1a23e355.sys [1/4/2012 6:05 PM 29904]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [10/20/2010 3:23 PM 821664]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/14/2010 5:46 AM 508264]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 9:23 PM 581480]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 9:23 PM 209640]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 9:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 9:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/14/2010 5:46 AM 219496]

S1 MpKsl041785b4;MpKsl041785b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}\MpKsl041785b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}\MpKsl041785b4.sys [?]

S1 MpKsl04ace497;MpKsl04ace497;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}\MpKsl04ace497.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}\MpKsl04ace497.sys [?]

S1 MpKsl059ec4a8;MpKsl059ec4a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAFC5781-F57E-4234-B283-5D3F2B556E90}\MpKsl059ec4a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAFC5781-F57E-4234-B283-5D3F2B556E90}\MpKsl059ec4a8.sys [?]

S1 MpKsl0f3f07bb;MpKsl0f3f07bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0E1F894-33C6-4985-A32F-BB3B6BBAA57B}\MpKsl0f3f07bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0E1F894-33C6-4985-A32F-BB3B6BBAA57B}\MpKsl0f3f07bb.sys [?]

S1 MpKsl0ffc53b4;MpKsl0ffc53b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3401703-C036-4817-8162-DD84115A7C03}\MpKsl0ffc53b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3401703-C036-4817-8162-DD84115A7C03}\MpKsl0ffc53b4.sys [?]

S1 MpKsl14dc7263;MpKsl14dc7263;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CAADE4F-6DAC-4951-A650-B7760EBC5E4B}\MpKsl14dc7263.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CAADE4F-6DAC-4951-A650-B7760EBC5E4B}\MpKsl14dc7263.sys [?]

S1 MpKsl1a132f66;MpKsl1a132f66;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FCEC918-CB82-41F7-82D2-1B06FB26A933}\MpKsl1a132f66.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FCEC918-CB82-41F7-82D2-1B06FB26A933}\MpKsl1a132f66.sys [?]

S1 MpKsl1b64075b;MpKsl1b64075b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AF00CFD-3C9B-4E7B-8317-ABA631DAD3A1}\MpKsl1b64075b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AF00CFD-3C9B-4E7B-8317-ABA631DAD3A1}\MpKsl1b64075b.sys [?]

S1 MpKsl1f3a6a2c;MpKsl1f3a6a2c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{955B6672-DC6D-4D65-B59F-97B2B146B647}\MpKsl1f3a6a2c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{955B6672-DC6D-4D65-B59F-97B2B146B647}\MpKsl1f3a6a2c.sys [?]

S1 MpKsl21501628;MpKsl21501628;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}\MpKsl21501628.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}\MpKsl21501628.sys [?]

S1 MpKsl3426e806;MpKsl3426e806;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{049F7735-8464-47D7-9B35-DEEE08FD987B}\MpKsl3426e806.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{049F7735-8464-47D7-9B35-DEEE08FD987B}\MpKsl3426e806.sys [?]

S1 MpKsl40ba36d7;MpKsl40ba36d7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}\MpKsl40ba36d7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}\MpKsl40ba36d7.sys [?]

S1 MpKsl42194ebe;MpKsl42194ebe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{114DC8B9-1F00-41CF-8DCB-D1903919F881}\MpKsl42194ebe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{114DC8B9-1F00-41CF-8DCB-D1903919F881}\MpKsl42194ebe.sys [?]

S1 MpKsl46ad5bf5;MpKsl46ad5bf5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F4A1B3-384D-4433-8E89-46D0A673FADB}\MpKsl46ad5bf5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F4A1B3-384D-4433-8E89-46D0A673FADB}\MpKsl46ad5bf5.sys [?]

S1 MpKsl47ad3348;MpKsl47ad3348;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4567C5B-8FBC-47B5-B28C-485BA1D4E43E}\MpKsl47ad3348.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4567C5B-8FBC-47B5-B28C-485BA1D4E43E}\MpKsl47ad3348.sys [?]

S1 MpKsl4c40c17d;MpKsl4c40c17d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69BFCE84-C29D-4EAA-84E0-EC59F44C0F7E}\MpKsl4c40c17d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69BFCE84-C29D-4EAA-84E0-EC59F44C0F7E}\MpKsl4c40c17d.sys [?]

S1 MpKsl508b2718;MpKsl508b2718;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47517185-D7B8-43C4-B442-1F191D45FCFA}\MpKsl508b2718.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47517185-D7B8-43C4-B442-1F191D45FCFA}\MpKsl508b2718.sys [?]

S1 MpKsl5788ea9f;MpKsl5788ea9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BA4A78C-EEAE-45A9-995C-2CFFCB4D911A}\MpKsl5788ea9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BA4A78C-EEAE-45A9-995C-2CFFCB4D911A}\MpKsl5788ea9f.sys [?]

S1 MpKsl5d1d0e2a;MpKsl5d1d0e2a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E70258D5-564D-485A-BC8C-27C18B09BCB7}\MpKsl5d1d0e2a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E70258D5-564D-485A-BC8C-27C18B09BCB7}\MpKsl5d1d0e2a.sys [?]

S1 MpKsl68017f38;MpKsl68017f38;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A1A27B1-5C41-488F-928A-2077E90DE80C}\MpKsl68017f38.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A1A27B1-5C41-488F-928A-2077E90DE80C}\MpKsl68017f38.sys [?]

S1 MpKsl6955d0d1;MpKsl6955d0d1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118C703C-D0FC-4975-9D42-7B1712F17395}\MpKsl6955d0d1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118C703C-D0FC-4975-9D42-7B1712F17395}\MpKsl6955d0d1.sys [?]

S1 MpKsl6be03382;MpKsl6be03382;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B431DCD1-9111-4F6F-A836-52429E603B52}\MpKsl6be03382.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B431DCD1-9111-4F6F-A836-52429E603B52}\MpKsl6be03382.sys [?]

S1 MpKsl70127f5f;MpKsl70127f5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD30D41-3562-49A4-BB90-0C535B871506}\MpKsl70127f5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD30D41-3562-49A4-BB90-0C535B871506}\MpKsl70127f5f.sys [?]

S1 MpKsl78af9377;MpKsl78af9377;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{993A047F-896E-4519-8219-CF46A43AD966}\MpKsl78af9377.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{993A047F-896E-4519-8219-CF46A43AD966}\MpKsl78af9377.sys [?]

S1 MpKsl792635ce;MpKsl792635ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAFC5781-F57E-4234-B283-5D3F2B556E90}\MpKsl792635ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAFC5781-F57E-4234-B283-5D3F2B556E90}\MpKsl792635ce.sys [?]

S1 MpKsl818eb5cd;MpKsl818eb5cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79A5785F-D06A-4CAE-8F9E-BDF00E311AEE}\MpKsl818eb5cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79A5785F-D06A-4CAE-8F9E-BDF00E311AEE}\MpKsl818eb5cd.sys [?]

S1 MpKsl8af57843;MpKsl8af57843;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B4E96A8-50BB-4527-A976-C724E2130812}\MpKsl8af57843.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B4E96A8-50BB-4527-A976-C724E2130812}\MpKsl8af57843.sys [?]

S1 MpKsl9e543ae1;MpKsl9e543ae1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BF20083-4848-48C5-BEE0-C8A4FC0FA253}\MpKsl9e543ae1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BF20083-4848-48C5-BEE0-C8A4FC0FA253}\MpKsl9e543ae1.sys [?]

S1 MpKsla196fd05;MpKsla196fd05;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC4D29EE-71D6-4322-81A4-4B05E70FD07E}\MpKsla196fd05.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC4D29EE-71D6-4322-81A4-4B05E70FD07E}\MpKsla196fd05.sys [?]

S1 MpKsla6cddc86;MpKsla6cddc86;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB2833A-3265-4258-9D2B-6E23452CC05A}\MpKsla6cddc86.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB2833A-3265-4258-9D2B-6E23452CC05A}\MpKsla6cddc86.sys [?]

S1 MpKslac06dc1a;MpKslac06dc1a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7981E9A2-C74B-48A7-8731-529B3098EB70}\MpKslac06dc1a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7981E9A2-C74B-48A7-8731-529B3098EB70}\MpKslac06dc1a.sys [?]

S1 MpKslad78c156;MpKslad78c156;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEFE04D5-7DFA-4623-9A45-2EE8B84306A3}\MpKslad78c156.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEFE04D5-7DFA-4623-9A45-2EE8B84306A3}\MpKslad78c156.sys [?]

S1 MpKslba1f3005;MpKslba1f3005;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{326310B3-6D31-4373-A3CE-50F5AC51A77B}\MpKslba1f3005.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{326310B3-6D31-4373-A3CE-50F5AC51A77B}\MpKslba1f3005.sys [?]

S1 MpKslbb1aa00d;MpKslbb1aa00d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}\MpKslbb1aa00d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}\MpKslbb1aa00d.sys [?]

S1 MpKslbbb7477e;MpKslbbb7477e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E084E324-B3F6-4CB4-97A0-1260521363A2}\MpKslbbb7477e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E084E324-B3F6-4CB4-97A0-1260521363A2}\MpKslbbb7477e.sys [?]

S1 MpKslbe2942c8;MpKslbe2942c8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C00602DA-C65F-41D9-B2C6-595FBBA384EC}\MpKslbe2942c8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C00602DA-C65F-41D9-B2C6-595FBBA384EC}\MpKslbe2942c8.sys [?]

S1 MpKslc346ca72;MpKslc346ca72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{300746C3-0C61-4EF3-A2E6-E3FD00FCFD96}\MpKslc346ca72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{300746C3-0C61-4EF3-A2E6-E3FD00FCFD96}\MpKslc346ca72.sys [?]

S1 MpKslc7e435c0;MpKslc7e435c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{993A047F-896E-4519-8219-CF46A43AD966}\MpKslc7e435c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{993A047F-896E-4519-8219-CF46A43AD966}\MpKslc7e435c0.sys [?]

S1 MpKslca02702e;MpKslca02702e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06EE09F7-3601-4F34-8BEC-29BFC1460335}\MpKslca02702e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06EE09F7-3601-4F34-8BEC-29BFC1460335}\MpKslca02702e.sys [?]

S1 MpKslce228fc3;MpKslce228fc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C46A61-9822-4385-A442-D21F1C0CAF01}\MpKslce228fc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C46A61-9822-4385-A442-D21F1C0CAF01}\MpKslce228fc3.sys [?]

S1 MpKsle09f4daf;MpKsle09f4daf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933C57ED-8A63-4D1D-A705-FE9B6108143E}\MpKsle09f4daf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933C57ED-8A63-4D1D-A705-FE9B6108143E}\MpKsle09f4daf.sys [?]

S1 MpKsle63cd9bc;MpKsle63cd9bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{008B3206-7D59-49B8-AE05-0A6695B688AA}\MpKsle63cd9bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{008B3206-7D59-49B8-AE05-0A6695B688AA}\MpKsle63cd9bc.sys [?]

S1 MpKsle9ff5327;MpKsle9ff5327;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69F7358A-DD05-4EBA-A5F8-4F1922E74031}\MpKsle9ff5327.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69F7358A-DD05-4EBA-A5F8-4F1922E74031}\MpKsle9ff5327.sys [?]

S1 MpKslec6256e7;MpKslec6256e7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}\MpKslec6256e7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}\MpKslec6256e7.sys [?]

S1 MpKslf0b7504d;MpKslf0b7504d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A454A123-D4E9-4EF0-8335-539FC4209F36}\MpKslf0b7504d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A454A123-D4E9-4EF0-8335-539FC4209F36}\MpKslf0b7504d.sys [?]

S1 MpKslf0e1dc77;MpKslf0e1dc77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB2833A-3265-4258-9D2B-6E23452CC05A}\MpKslf0e1dc77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB2833A-3265-4258-9D2B-6E23452CC05A}\MpKslf0e1dc77.sys [?]

S1 MpKslfba14a47;MpKslfba14a47;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8B47794-3C7E-4A23-A54F-1310F6BB13FB}\MpKslfba14a47.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8B47794-3C7E-4A23-A54F-1310F6BB13FB}\MpKslfba14a47.sys [?]

S1 MpKslfbf17d03;MpKslfbf17d03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B431DCD1-9111-4F6F-A836-52429E603B52}\MpKslfbf17d03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B431DCD1-9111-4F6F-A836-52429E603B52}\MpKslfbf17d03.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2011 12:51 PM 136176]

S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2011 12:51 PM 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL1A23E355

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-12-06 17:50]

.

2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com/?ilc=8

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-04 20:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(808)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3336)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-01-04 20:29:52

ComboFix-quarantined-files.txt 2012-01-05 02:29

ComboFix2.txt 2012-01-04 23:58

ComboFix3.txt 2012-01-04 03:16

.

Pre-Run: 54,332,731,392 bytes free

Post-Run: 54,322,044,928 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 24EEDDBC6C3710AAF150775E92CD2506

 

 

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.29.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: YOUR-97E01E8086 [administrator]

1/4/2012 8:37:56 PM

mbam-log-2012-01-04 (20-37-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 174574

Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good Morning. I had to attach the ESET scan thingy. I don't know if that came out right. I wouldn't know...lol...It all looks like Chinese to me.

 

Thanks and let me know if I did that wrong.

 

Have a good one!


Hi hadleycat,

 

You did a fine job getting the ESET log to me. :) It looks like the ComboFix fix did not run correctly. Please do the following:

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\system32\aclperf.dll
    c:\windows\system32\bootdlg.dll
    c:\windows\system32\iasmgr10.dll
    C:\WINDOWS\system32\94081FA880FF6E4AE3F348A4B2317154\conf\templates\3482.zip
    C:\WINDOWS\system32\94081FA880FF6E4AE3F348A4B2317154\conf\templates\3483.zip
    C:\WINDOWS\system32\94081FA880FF6E4AE3F348A4B2317154\conf\templates\3484.zip
    C:\WINDOWS\system32\94081FA880FF6E4AE3F348A4B2317154\conf\templates\3485.rar
    C:\WINDOWS\system32\94081FA880FF6E4AE3F348A4B2317154\conf\templates\3486.rar
    
    DirLook::
    c:\program files\ZOOM
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------


ComboFix 12-01-05.02 - Owner 01/05/2012 16:13:51.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.132 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))

.

.

2012-01-05 02:58 . 2012-01-05 02:58 -------- d-----w- c:\program files\ESET

2012-01-05 00:05 . 2012-01-05 00:05 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\MpKsl1a23e355.sys

2012-01-05 00:03 . 2012-01-05 00:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\offreg.dll

2012-01-05 00:03 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\mpengine.dll

2011-12-28 01:53 . 2011-12-28 01:53 -------- d-----w- c:\program files\ZOOM

2011-12-14 22:07 . 2011-12-14 22:07 458752 ----a-w- c:\windows\system32\aclperf.dll

2011-12-14 20:18 . 2011-12-14 20:18 458752 ----a-w- c:\windows\system32\bootdlg.dll

2011-12-14 19:18 . 2011-12-14 19:18 458752 ----a-w- c:\windows\system32\iasmgr10.dll

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-14 03:32 . 2011-12-14 03:32 -------- d-----w- c:\program files\Microsoft Security Essentials

2011-12-11 23:18 . 2011-12-11 23:18 -------- d-----r- c:\documents and settings\Owner\Application Data\Brother

2011-12-07 03:08 . 2011-12-14 03:31 -------- d-----w- C:\192e496d20ae25892cce

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-04 09:26 . 2010-09-16 02:42 236576 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 21:24 . 2011-10-18 00:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25 . 2005-03-23 16:53 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2010-09-17 03:04 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-05 18:57 . 2003-03-19 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-11-04 19:20 . 2005-03-23 16:53 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2005-03-23 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2005-03-23 16:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2005-03-23 16:52 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2005-03-23 16:52 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2005-03-23 16:52 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2005-03-23 16:52 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 12:28 . 2011-10-18 12:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 11:13 . 2005-03-23 16:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2005-03-23 18:10 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

.

((((((((((((((((((((((((((((( [email protected]_23.50.02 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzYxNzMwMTU2LUZMMTArMS1YTzEwKzExLUxJQysyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=f5e0687ab8f947d1a09bd1686f011352-06ce4fc639803a2e3563922518183d8e94088cb9" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk

backup=c:\windows\pss\Status Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Alert.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Desktop Alert.lnk

backup=c:\windows\pss\Desktop Alert.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-03-18 04:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

2003-01-21 20:19 40960 ----a-w- c:\windows\VM_STI.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2004-07-20 14:34 851968 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2004-04-14 20:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]

2010-09-15 11:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

2004-05-25 14:16 49152 ------w- c:\program files\Brother\Brmfl04a\BrStDvPt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-12-01 23:54 77824 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesYahoo!MessengerYahooMessenger.exe"=

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesiTunesiTunes.exe"=

"c:Program FilesSkypePhoneSkype.exe"=

.

R1 MpKsl1a23e355;MpKsl1a23e355;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5BE0925-4127-4122-A6A1-7131FBD4FDA9}\MpKsl1a23e355.sys [1/4/2012 6:05 PM 29904]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [10/20/2010 3:23 PM 821664]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/14/2010 5:46 AM 508264]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 9:23 PM 581480]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 9:23 PM 209640]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 9:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 9:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/14/2010 5:46 AM 219496]

S1 MpKsl041785b4;MpKsl041785b4;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}MpKsl041785b4.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}MpKsl041785b4.sys [?]

S1 MpKsl04ace497;MpKsl04ace497;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}MpKsl04ace497.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}MpKsl04ace497.sys [?]

S1 MpKsl059ec4a8;MpKsl059ec4a8;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAFC5781-F57E-4234-B283-5D3F2B556E90}MpKsl059ec4a8.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAFC5781-F57E-4234-B283-5D3F2B556E90}MpKsl059ec4a8.sys [?]

S1 MpKsl0f3f07bb;MpKsl0f3f07bb;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E0E1F894-33C6-4985-A32F-BB3B6BBAA57B}MpKsl0f3f07bb.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E0E1F894-33C6-4985-A32F-BB3B6BBAA57B}MpKsl0f3f07bb.sys [?]

S1 MpKsl0ffc53b4;MpKsl0ffc53b4;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{D3401703-C036-4817-8162-DD84115A7C03}MpKsl0ffc53b4.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{D3401703-C036-4817-8162-DD84115A7C03}MpKsl0ffc53b4.sys [?]

S1 MpKsl14dc7263;MpKsl14dc7263;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{0CAADE4F-6DAC-4951-A650-B7760EBC5E4B}MpKsl14dc7263.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{0CAADE4F-6DAC-4951-A650-B7760EBC5E4B}MpKsl14dc7263.sys [?]

S1 MpKsl1a132f66;MpKsl1a132f66;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{8FCEC918-CB82-41F7-82D2-1B06FB26A933}MpKsl1a132f66.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{8FCEC918-CB82-41F7-82D2-1B06FB26A933}MpKsl1a132f66.sys [?]

S1 MpKsl1b64075b;MpKsl1b64075b;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{5AF00CFD-3C9B-4E7B-8317-ABA631DAD3A1}MpKsl1b64075b.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{5AF00CFD-3C9B-4E7B-8317-ABA631DAD3A1}MpKsl1b64075b.sys [?]

S1 MpKsl1f3a6a2c;MpKsl1f3a6a2c;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}MpKsl1f3a6a2c.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{955B6672-DC6D-4D65-B59F-97B2B146B647}MpKsl1f3a6a2c.sys [?]

S1 MpKsl21501628;MpKsl21501628;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}MpKsl21501628.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}MpKsl21501628.sys [?]

S1 MpKsl3426e806;MpKsl3426e806;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{049F7735-8464-47D7-9B35-DEEE08FD987B}MpKsl3426e806.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{049F7735-8464-47D7-9B35-DEEE08FD987B}MpKsl3426e806.sys [?]

S1 MpKsl40ba36d7;MpKsl40ba36d7;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}MpKsl40ba36d7.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{2F77433D-ECD4-4811-8CC4-BC8F16AC736F}MpKsl40ba36d7.sys [?]

S1 MpKsl42194ebe;MpKsl42194ebe;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{114DC8B9-1F00-41CF-8DCB-D1903919F881}MpKsl42194ebe.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{114DC8B9-1F00-41CF-8DCB-D1903919F881}MpKsl42194ebe.sys [?]

S1 MpKsl46ad5bf5;MpKsl46ad5bf5;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{F7F4A1B3-384D-4433-8E89-46D0A673FADB}MpKsl46ad5bf5.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{F7F4A1B3-384D-4433-8E89-46D0A673FADB}MpKsl46ad5bf5.sys [?]

S1 MpKsl47ad3348;MpKsl47ad3348;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{F4567C5B-8FBC-47B5-B28C-485BA1D4E43E}MpKsl47ad3348.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{F4567C5B-8FBC-47B5-B28C-485BA1D4E43E}MpKsl47ad3348.sys [?]

S1 MpKsl4c40c17d;MpKsl4c40c17d;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{69BFCE84-C29D-4EAA-84E0-EC59F44C0F7E}MpKsl4c40c17d.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{69BFCE84-C29D-4EAA-84E0-EC59F44C0F7E}MpKsl4c40c17d.sys [?]

S1 MpKsl508b2718;MpKsl508b2718;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{47517185-D7B8-43C4-B442-1F191D45FCFA}MpKsl508b2718.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{47517185-D7B8-43C4-B442-1F191D45FCFA}MpKsl508b2718.sys [?]

S1 MpKsl5788ea9f;MpKsl5788ea9f;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{3BA4A78C-EEAE-45A9-995C-2CFFCB4D911A}MpKsl5788ea9f.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{3BA4A78C-EEAE-45A9-995C-2CFFCB4D911A}MpKsl5788ea9f.sys [?]

S1 MpKsl5d1d0e2a;MpKsl5d1d0e2a;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E70258D5-564D-485A-BC8C-27C18B09BCB7}MpKsl5d1d0e2a.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E70258D5-564D-485A-BC8C-27C18B09BCB7}MpKsl5d1d0e2a.sys [?]

S1 MpKsl68017f38;MpKsl68017f38;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1A1A27B1-5C41-488F-928A-2077E90DE80C}MpKsl68017f38.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1A1A27B1-5C41-488F-928A-2077E90DE80C}MpKsl68017f38.sys [?]

S1 MpKsl6955d0d1;MpKsl6955d0d1;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{118C703C-D0FC-4975-9D42-7B1712F17395}MpKsl6955d0d1.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{118C703C-D0FC-4975-9D42-7B1712F17395}MpKsl6955d0d1.sys [?]

S1 MpKsl6be03382;MpKsl6be03382;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B431DCD1-9111-4F6F-A836-52429E603B52}MpKsl6be03382.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B431DCD1-9111-4F6F-A836-52429E603B52}MpKsl6be03382.sys [?]

S1 MpKsl70127f5f;MpKsl70127f5f;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAD30D41-3562-49A4-BB90-0C535B871506}MpKsl70127f5f.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAD30D41-3562-49A4-BB90-0C535B871506}MpKsl70127f5f.sys [?]

S1 MpKsl78af9377;MpKsl78af9377;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{993A047F-896E-4519-8219-CF46A43AD966}MpKsl78af9377.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{993A047F-896E-4519-8219-CF46A43AD966}MpKsl78af9377.sys [?]

S1 MpKsl792635ce;MpKsl792635ce;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAFC5781-F57E-4234-B283-5D3F2B556E90}MpKsl792635ce.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{AAFC5781-F57E-4234-B283-5D3F2B556E90}MpKsl792635ce.sys [?]

S1 MpKsl818eb5cd;MpKsl818eb5cd;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{79A5785F-D06A-4CAE-8F9E-BDF00E311AEE}MpKsl818eb5cd.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{79A5785F-D06A-4CAE-8F9E-BDF00E311AEE}MpKsl818eb5cd.sys [?]

S1 MpKsl8af57843;MpKsl8af57843;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{6B4E96A8-50BB-4527-A976-C724E2130812}MpKsl8af57843.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{6B4E96A8-50BB-4527-A976-C724E2130812}MpKsl8af57843.sys [?]

S1 MpKsl9e543ae1;MpKsl9e543ae1;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{8BF20083-4848-48C5-BEE0-C8A4FC0FA253}MpKsl9e543ae1.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{8BF20083-4848-48C5-BEE0-C8A4FC0FA253}MpKsl9e543ae1.sys [?]

S1 MpKsla196fd05;MpKsla196fd05;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{BC4D29EE-71D6-4322-81A4-4B05E70FD07E}MpKsla196fd05.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{BC4D29EE-71D6-4322-81A4-4B05E70FD07E}MpKsla196fd05.sys [?]

S1 MpKsla6cddc86;MpKsla6cddc86;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1EB2833A-3265-4258-9D2B-6E23452CC05A}MpKsla6cddc86.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1EB2833A-3265-4258-9D2B-6E23452CC05A}MpKsla6cddc86.sys [?]

S1 MpKslac06dc1a;MpKslac06dc1a;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7981E9A2-C74B-48A7-8731-529B3098EB70}MpKslac06dc1a.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7981E9A2-C74B-48A7-8731-529B3098EB70}MpKslac06dc1a.sys [?]

S1 MpKslad78c156;MpKslad78c156;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{EEFE04D5-7DFA-4623-9A45-2EE8B84306A3}MpKslad78c156.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{EEFE04D5-7DFA-4623-9A45-2EE8B84306A3}MpKslad78c156.sys [?]

S1 MpKslba1f3005;MpKslba1f3005;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{326310B3-6D31-4373-A3CE-50F5AC51A77B}MpKslba1f3005.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{326310B3-6D31-4373-A3CE-50F5AC51A77B}MpKslba1f3005.sys [?]

S1 MpKslbb1aa00d;MpKslbb1aa00d;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}MpKslbb1aa00d.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{05CAB850-1A7B-4E3C-AE31-0C60BFE0EF30}MpKslbb1aa00d.sys [?]

S1 MpKslbbb7477e;MpKslbbb7477e;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E084E324-B3F6-4CB4-97A0-1260521363A2}MpKslbbb7477e.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E084E324-B3F6-4CB4-97A0-1260521363A2}MpKslbbb7477e.sys [?]

S1 MpKslbe2942c8;MpKslbe2942c8;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C00602DA-C65F-41D9-B2C6-595FBBA384EC}MpKslbe2942c8.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C00602DA-C65F-41D9-B2C6-595FBBA384EC}MpKslbe2942c8.sys [?]

S1 MpKslc346ca72;MpKslc346ca72;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{300746C3-0C61-4EF3-A2E6-E3FD00FCFD96}MpKslc346ca72.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{300746C3-0C61-4EF3-A2E6-E3FD00FCFD96}MpKslc346ca72.sys [?]

S1 MpKslc7e435c0;MpKslc7e435c0;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{993A047F-896E-4519-8219-CF46A43AD966}MpKslc7e435c0.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{993A047F-896E-4519-8219-CF46A43AD966}MpKslc7e435c0.sys [?]

S1 MpKslca02702e;MpKslca02702e;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{06EE09F7-3601-4F34-8BEC-29BFC1460335}MpKslca02702e.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{06EE09F7-3601-4F34-8BEC-29BFC1460335}MpKslca02702e.sys [?]

S1 MpKslce228fc3;MpKslce228fc3;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B1C46A61-9822-4385-A442-D21F1C0CAF01}MpKslce228fc3.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B1C46A61-9822-4385-A442-D21F1C0CAF01}MpKslce228fc3.sys [?]

S1 MpKsle09f4daf;MpKsle09f4daf;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{933C57ED-8A63-4D1D-A705-FE9B6108143E}MpKsle09f4daf.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{933C57ED-8A63-4D1D-A705-FE9B6108143E}MpKsle09f4daf.sys [?]

S1 MpKsle63cd9bc;MpKsle63cd9bc;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{008B3206-7D59-49B8-AE05-0A6695B688AA}MpKsle63cd9bc.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{008B3206-7D59-49B8-AE05-0A6695B688AA}MpKsle63cd9bc.sys [?]

S1 MpKsle9ff5327;MpKsle9ff5327;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{69F7358A-DD05-4EBA-A5F8-4F1922E74031}MpKsle9ff5327.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{69F7358A-DD05-4EBA-A5F8-4F1922E74031}MpKsle9ff5327.sys [?]

S1 MpKslec6256e7;MpKslec6256e7;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}MpKslec6256e7.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{E9DD2295-D9F7-4184-98D1-FB1DD7745CBD}MpKslec6256e7.sys [?]

S1 MpKslf0b7504d;MpKslf0b7504d;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{A454A123-D4E9-4EF0-8335-539FC4209F36}MpKslf0b7504d.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{A454A123-D4E9-4EF0-8335-539FC4209F36}MpKslf0b7504d.sys [?]

S1 MpKslf0e1dc77;MpKslf0e1dc77;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1EB2833A-3265-4258-9D2B-6E23452CC05A}MpKslf0e1dc77.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{1EB2833A-3265-4258-9D2B-6E23452CC05A}MpKslf0e1dc77.sys [?]

S1 MpKslfba14a47;MpKslfba14a47;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C8B47794-3C7E-4A23-A54F-1310F6BB13FB}MpKslfba14a47.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C8B47794-3C7E-4A23-A54F-1310F6BB13FB}MpKslfba14a47.sys [?]

S1 MpKslfbf17d03;MpKslfbf17d03;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B431DCD1-9111-4F6F-A836-52429E603B52}MpKslfbf17d03.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{B431DCD1-9111-4F6F-A836-52429E603B52}MpKslfbf17d03.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [11/5/2011 12:51 PM 136176]

S2 LinksysUpdater;Linksys Updater;c:program filesLinksysLinksys UpdaterbinLinksysUpdater.exe [1/15/2008 11:28 AM 204800]

S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [11/5/2011 12:51 PM 136176]

S3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL1A23E355

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-31 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-12-06 17:50]

.

2012-01-05 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-05 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-05 18:50]

.

2012-01-04 c:windowsTasksMP Scheduled Scan.job

- c:program filesMicrosoft Security EssentialsMpCmdRun.exe [2010-03-26 04:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com/?ilc=8

uInternet Connection Wizard,ShellNext = "c:program filesOutlook Expressmsimn.exe"

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-05 16:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(808)

c:windowssystem32Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3332)

c:windowssystem32WININET.dll

c:program filesWindows Desktop Searchdeskbar.dll

c:program filesWindows Desktop Searchen-usdbres.dll.mui

c:program filesWindows Desktop Searchdbres.dll

c:program filesWindows Desktop Searchwordwheel.dll

c:program filesWindows Desktop Searchen-usmsnlExtRes.dll.mui

c:program filesWindows Desktop SearchmsnlExtRes.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

c:windowssystem32WPDShServiceObj.dll

c:windowssystem32PortableDeviceTypes.dll

c:windowssystem32PortableDeviceApi.dll

.

Completion time: 2012-01-05 16:28:24

ComboFix-quarantined-files.txt 2012-01-05 22:28

ComboFix2.txt 2012-01-05 02:29

ComboFix3.txt 2012-01-04 23:58

ComboFix4.txt 2012-01-04 03:16

.

Pre-Run: 54,179,876,864 bytes free

Post-Run: 54,178,975,744 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS

[operating systems]

c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 3779F8A6FB81E13287D2C71DD73520C4


Hi hadleycat,

 

 

I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

 

To submit a file to VirusTotal, please click VirusTotal

 

Copy and paste the following into the upload a file box (one at a time if more than one file is listed)

 

c:\windows\system32\aclperf.dll

c:\windows\system32\bootdlg.dll

c:\windows\system32\iasmgr10.dll

 

Scroll down a bit and click "send file", wait for the results and post them in your next reply.

 

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.

----------

 

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :dir
    C:\program files\ZOOM /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

-----------

 

In your next reply please post the information provided by Virus Total about the files you submitted and post the log created by SystemLook. :)


SystemLook 30.07.11 by jpshortstuff

Log created at 20:23 on 05/01/2012 by Owner

Administrator - Elevation successful

========== dir ==========

C:program filesZOOM - Parameters: "/s"

---Files---

None found.

C:program filesZOOMPS-04 d------ [01:53 28/12/2011]

C:program filesZOOMPS-04CardMgr d------ [01:53 28/12/2011]

CardMgr.ENU --a---- 877056 bytes [01:53 28/12/2011] [20:22 28/02/2007]

CardMgr.exe --a---- 1741824 bytes [01:53 28/12/2011] [20:36 28/02/2007]

CardMgr.JPN --a---- 877056 bytes [01:53 28/12/2011] [20:22 28/02/2007]

epuninst.exe --a---- 134082 bytes [01:53 28/12/2011] [01:53 28/12/2011]

zrs.dll --a---- 81920 bytes [01:53 28/12/2011] [20:22 28/02/2007]

C:program filesZOOMPS-04CardMgrOnLineHelp d------ [01:53 28/12/2011]

11.htm --a---- 1262 bytes [01:53 28/12/2011] [17:38 26/11/2003]

12.htm --a---- 904 bytes [01:53 28/12/2011] [04:27 06/04/2007]

13.htm --a---- 3246 bytes [01:53 28/12/2011] [00:18 28/11/2003]

21.htm --a---- 1429 bytes [01:53 28/12/2011] [00:19 28/11/2003]

22.htm --a---- 1433 bytes [01:53 28/12/2011] [00:20 28/11/2003]

23.htm --a---- 5183 bytes [01:53 28/12/2011] [00:22 28/11/2003]

24.htm --a---- 2677 bytes [01:53 28/12/2011] [04:33 06/04/2007]

2_1.htm --a---- 1715 bytes [01:53 28/12/2011] [00:00 31/10/2003]

2_2.htm --a---- 1643 bytes [01:53 28/12/2011] [00:01 31/10/2003]

2_3.htm --a---- 5796 bytes [01:53 28/12/2011] [22:53 31/10/2003]

2_4.htm --a---- 3004 bytes [01:53 28/12/2011] [03:15 06/04/2007]

31.htm --a---- 467 bytes [01:53 28/12/2011] [19:48 26/11/2003]

32.htm --a---- 775 bytes [01:53 28/12/2011] [20:44 26/11/2003]

33.htm --a---- 535 bytes [01:53 28/12/2011] [04:34 06/04/2007]

Audition.jpg --a---- 9869 bytes [01:53 28/12/2011] [03:23 07/02/2002]

BackUpYourCard.jpg --a---- 11923 bytes [01:53 28/12/2011] [20:01 18/02/2002]

Export_a_audio_take_to_Wav.GIF --a---- 528 bytes [01:53 28/12/2011] [17:16 30/11/2000]

Import_a_audio_take_from_Wav.GIF --a---- 542 bytes [01:53 28/12/2011] [17:16 30/11/2000]

index.html --a---- 609 bytes [01:53 28/12/2011] [17:50 26/11/2003]

mono_VtakeSelect.jpg --a---- 65648 bytes [01:53 28/12/2011] [03:45 07/02/2002]

PANEL2.jpg --a---- 173337 bytes [01:53 28/12/2011] [16:26 31/10/2003]

real_index.htm --a---- 1802 bytes [01:53 28/12/2011] [01:31 28/11/2003]

RestoreYourCard.jpg --a---- 11538 bytes [01:53 28/12/2011] [20:02 18/02/2002]

StereoPanel.jpg --a---- 56917 bytes [01:53 28/12/2011] [03:38 07/02/2002]

Stereo_VtakeSelect.jpg --a---- 59465 bytes [01:53 28/12/2011] [03:47 07/02/2002]

Vtake_WaveAiff.jpg --a---- 11054 bytes [01:53 28/12/2011] [03:22 07/02/2002]

WavAiff_Vtake.jpg --a---- 10424 bytes [01:53 28/12/2011] [03:21 07/02/2002]

-= EOF =-

 

 

 

 

I was able to do the SystemLook log; however, the "Virus Total" was not clickable. I tried googling virus total and got the upload file page; however, I was unable to copy and paste anything into the bar, nor was I able to even type into the search bar.

 

Thanks


OMG....I apologize about that. Something happened with the code when I posted. Try this below

 

VirusTotal


I was able to click the link this time, but I am still not able to type or paste anything into the Browse bar. I'm sorry.


Hi,

 

Let's try a different site. :)

 

 

I need some information on some unidentified files. We will use VirScan. Please submit these files for analysis.

 

To submit a file to VirScan, please click VirScan

 

Press Browse and locate the following bolded file > once selected press Upload.

 

c:\windows\system32\aclperf.dll

c:\windows\system32\bootdlg.dll

c:\windows\system32\iasmgr10.dll

 

 

Once the scan is completed scroll to the bottom of the page and press Copy to Clipboard

 

Post the results created into your next reply. :)

 

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.

----------


c:windowssystem32aclperf.dll

 

 

VirSCAN.org Scanned Report :

Scanned time : 2012/01/06 07:16:33 (CST)

Scanner results: 6% Scanner(s) (2/36) found malware!

File Name : aclperf.dll

File Size : 458752 byte

File Type : data

MD5 : c7e736c7368f659f394c858724ca44f0

SHA1 : 25a2058263b8569b1ebe23c70552e3d83a4ecd56

Online report : http://r.virscan.org/0f02e694170cc382e1f89734194b846b

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 5.1.0.4 20120106190420 2012-01-06 0.30 -

AhnLab V3 2012.01.04.00 2012.01.04 2012-01-04 4.05 -

AntiVir 8.2.8.18 7.11.20.192 2012-01-06 0.29 TR/Trash.Gen

Antiy 2.0.18 20120105.15439545 2012-01-05 0.02 -

Arcavir 2011 201201060045 2012-01-06 3.39 -

Authentium 5.1.1 201201052334 2012-01-05 1.49 -

AVAST! 4.7.4 120106-0 2012-01-06 0.03 -

AVG 10.0.1405 2090/4126 2012-01-06 0.07 -

BitDefender 7.90123.7934513 7.40466 2012-01-06 4.08 -

ClamAV 0.97.1 14260 2012-01-06 0.03 -

Comodo 5.1 11200 2012-01-06 2.06 -

CP Secure 1.3.0.5 2012.01.06 2012-01-06 0.03 -

Dr.Web 7.0.0.11250 2012.01.06 2012-01-06 11.19 -

F-Prot 4.6.2.117 20120105 2012-01-05 0.81 -

F-Secure 7.02.73807 2012.01.05.02 2012-01-05 0.11 -

Fortinet 4.2.257 15.65 2012-01-05 0.11 -

GData 22.3351 20120106 2012-01-06 6.47 -

ViRobot 20120106 2012.01.06 2012-01-06 0.38 -

Ikarus T3.1.32.20.0 2012.01.06.80172 2012-01-06 4.85 -

JiangMin 13.0.900 2011.11.26 2011-11-26 1.98 -

Kaspersky 5.5.10 2012.01.06 2012-01-06 0.04 -

KingSoft 2009.2.5.15 2012.1.5.18 2012-01-05 1.00 -

McAfee 5400.1158 6580 2012-01-05 10.75 -

Microsoft 1.7903 2012.01.06 2012-01-06 9.39 -

NOD32 3.0.21 6752 2011-12-29 0.01 -

Panda 9.05.01 2012.01.05 2012-01-05 4.44 -

Trend Micro 9.500-1005 8.690.04 2012-01-06 0.02 -

Quick Heal 11.00 2012.01.06 2012-01-06 1.47 -

Rising 20.0 23.91.04.02 2012-01-06 0.82 -

Sophos 3.27.0 4.73 2012-01-06 4.57 -

Sunbelt 3.9.2525.2 11359 2012-01-05 0.75 -

Symantec 1.3.0.24 20120105.007 2012-01-05 0.34 Bloodhound.MalPE

nProtect 20120106.01 11890055 2012-01-06 12.30 -

The Hacker 6.7.0.1 v00372 2012-01-04 0.60 -

VBA32 3.12.16.4 20120105.0829 2012-01-05 7.33 -

VirusBuster 5.4.0.10 14.1.152.2/72984742012-01-05 0.01 -

 

c:windowssystem32bootdlg.dll

 

 

VirSCAN.org Scanned Report :

Scanned time : 2012/01/06 07:16:33 (CST)

Scanner results: 6% Scanner(s) (2/36) found malware!

File Name : aclperf.dll

File Size : 458752 byte

File Type : data

MD5 : c7e736c7368f659f394c858724ca44f0

SHA1 : 25a2058263b8569b1ebe23c70552e3d83a4ecd56

Online report : http://r.virscan.org/0f02e694170cc382e1f89734194b846b

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 5.1.0.4 20120106190420 2012-01-06 0.30 -

AhnLab V3 2012.01.04.00 2012.01.04 2012-01-04 4.05 -

AntiVir 8.2.8.18 7.11.20.192 2012-01-06 0.29 TR/Trash.Gen

Antiy 2.0.18 20120105.15439545 2012-01-05 0.02 -

Arcavir 2011 201201060045 2012-01-06 3.39 -

Authentium 5.1.1 201201052334 2012-01-05 1.49 -

AVAST! 4.7.4 120106-0 2012-01-06 0.03 -

AVG 10.0.1405 2090/4126 2012-01-06 0.07 -

BitDefender 7.90123.7934513 7.40466 2012-01-06 4.08 -

ClamAV 0.97.1 14260 2012-01-06 0.03 -

Comodo 5.1 11200 2012-01-06 2.06 -

CP Secure 1.3.0.5 2012.01.06 2012-01-06 0.03 -

Dr.Web 7.0.0.11250 2012.01.06 2012-01-06 11.19 -

F-Prot 4.6.2.117 20120105 2012-01-05 0.81 -

F-Secure 7.02.73807 2012.01.05.02 2012-01-05 0.11 -

Fortinet 4.2.257 15.65 2012-01-05 0.11 -

GData 22.3351 20120106 2012-01-06 6.47 -

ViRobot 20120106 2012.01.06 2012-01-06 0.38 -

Ikarus T3.1.32.20.0 2012.01.06.80172 2012-01-06 4.85 -

JiangMin 13.0.900 2011.11.26 2011-11-26 1.98 -

Kaspersky 5.5.10 2012.01.06 2012-01-06 0.04 -

KingSoft 2009.2.5.15 2012.1.5.18 2012-01-05 1.00 -

McAfee 5400.1158 6580 2012-01-05 10.75 -

Microsoft 1.7903 2012.01.06 2012-01-06 9.39 -

NOD32 3.0.21 6752 2011-12-29 0.01 -

Panda 9.05.01 2012.01.05 2012-01-05 4.44 -

Trend Micro 9.500-1005 8.690.04 2012-01-06 0.02 -

Quick Heal 11.00 2012.01.06 2012-01-06 1.47 -

Rising 20.0 23.91.04.02 2012-01-06 0.82 -

Sophos 3.27.0 4.73 2012-01-06 4.57 -

Sunbelt 3.9.2525.2 11359 2012-01-05 0.75 -

Symantec 1.3.0.24 20120105.007 2012-01-05 0.34 Bloodhound.MalPE

nProtect 20120106.01 11890055 2012-01-06 12.30 -

The Hacker 6.7.0.1 v00372 2012-01-04 0.60 -

VBA32 3.12.16.4 20120105.0829 2012-01-05 7.33 -

VirusBuster 5.4.0.10 14.1.152.2/72984742012-01-05 0.01 -

 

 

c:windowssystem32iasmgr10.dll

VirSCAN.org Scanned Report :

Scanned time : 2012/01/06 07:16:33 (CST)

Scanner results: 6% Scanner(s) (2/36) found malware!

File Name : aclperf.dll

File Size : 458752 byte

File Type : data

MD5 : c7e736c7368f659f394c858724ca44f0

SHA1 : 25a2058263b8569b1ebe23c70552e3d83a4ecd56

Online report : http://r.virscan.org/0f02e694170cc382e1f89734194b846b

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 5.1.0.4 20120106190420 2012-01-06 0.30 -

AhnLab V3 2012.01.04.00 2012.01.04 2012-01-04 4.05 -

AntiVir 8.2.8.18 7.11.20.192 2012-01-06 0.29 TR/Trash.Gen

Antiy 2.0.18 20120105.15439545 2012-01-05 0.02 -

Arcavir 2011 201201060045 2012-01-06 3.39 -

Authentium 5.1.1 201201052334 2012-01-05 1.49 -

AVAST! 4.7.4 120106-0 2012-01-06 0.03 -

AVG 10.0.1405 2090/4126 2012-01-06 0.07 -

BitDefender 7.90123.7934513 7.40466 2012-01-06 4.08 -

ClamAV 0.97.1 14260 2012-01-06 0.03 -

Comodo 5.1 11200 2012-01-06 2.06 -

CP Secure 1.3.0.5 2012.01.06 2012-01-06 0.03 -

Dr.Web 7.0.0.11250 2012.01.06 2012-01-06 11.19 -

F-Prot 4.6.2.117 20120105 2012-01-05 0.81 -

F-Secure 7.02.73807 2012.01.05.02 2012-01-05 0.11 -

Fortinet 4.2.257 15.65 2012-01-05 0.11 -

GData 22.3351 20120106 2012-01-06 6.47 -

ViRobot 20120106 2012.01.06 2012-01-06 0.38 -

Ikarus T3.1.32.20.0 2012.01.06.80172 2012-01-06 4.85 -

JiangMin 13.0.900 2011.11.26 2011-11-26 1.98 -

Kaspersky 5.5.10 2012.01.06 2012-01-06 0.04 -

KingSoft 2009.2.5.15 2012.1.5.18 2012-01-05 1.00 -

McAfee 5400.1158 6580 2012-01-05 10.75 -

Microsoft 1.7903 2012.01.06 2012-01-06 9.39 -

NOD32 3.0.21 6752 2011-12-29 0.01 -

Panda 9.05.01 2012.01.05 2012-01-05 4.44 -

Trend Micro 9.500-1005 8.690.04 2012-01-06 0.02 -

Quick Heal 11.00 2012.01.06 2012-01-06 1.47 -

Rising 20.0 23.91.04.02 2012-01-06 0.82 -

Sophos 3.27.0 4.73 2012-01-06 4.57 -

Sunbelt 3.9.2525.2 11359 2012-01-05 0.75 -

Symantec 1.3.0.24 20120105.007 2012-01-05 0.34 Bloodhound.MalPE

nProtect 20120106.01 11890055 2012-01-06 12.30 -

The Hacker 6.7.0.1 v00372 2012-01-04 0.60 -

VBA32 3.12.16.4 20120105.0829 2012-01-05 7.33 -

VirusBuster 5.4.0.10 14.1.152.2/72984742012-01-05 0.01 -
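The request above that each result be clearly identified with its sample can be checked mechanically. The following is an added example (not part of the thread and not VirSCAN's own tooling) that parses pasted VirSCAN.org report text and flags any report whose `File Name` field does not match the poster's label, or that shares an MD5 with another report. The sample text is abridged from the three reports above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Abridged from the three reports pasted above: the poster's path label,
# then header fields and a few scanner rows as they appear on the page.
SAMPLE = """\
c:windowssystem32aclperf.dll
VirSCAN.org Scanned Report :
File Name : aclperf.dll
MD5 : c7e736c7368f659f394c858724ca44f0
AntiVir 8.2.8.18 7.11.20.192 2012-01-06 0.29 TR/Trash.Gen
ClamAV 0.97.1 14260 2012-01-06 0.03 -
Symantec 1.3.0.24 20120105.007 2012-01-05 0.34 Bloodhound.MalPE
c:windowssystem32bootdlg.dll
VirSCAN.org Scanned Report :
File Name : aclperf.dll
MD5 : c7e736c7368f659f394c858724ca44f0
VirusBuster 5.4.0.10 14.1.152.2/72984742012-01-05 0.01 -
c:windowssystem32iasmgr10.dll
VirSCAN.org Scanned Report :
File Name : aclperf.dll
MD5 : c7e736c7368f659f394c858724ca44f0
"""

FIELD = re.compile(r"^(File Name|MD5|SHA1)\s*:\s*(\S+)\s*$")
# Scanner row: "<engine and versions> <sig date> <seconds> <result>".
# \s* before the date tolerates rows where the date is fused to the version.
ROW = re.compile(r"^(?P<head>.+?)\s*(?P<date>\d{4}-\d{2}-\d{2})"
                 r"\s+(?P<secs>\d+\.\d+)\s+(?P<result>\S+)$")

def engine_name(head):
    """Heuristic: the name is every token before the first digit-led token."""
    name = []
    for tok in head.split():
        if tok[0].isdigit():
            break
        name.append(tok)
    return " ".join(name)

def parse_reports(text):
    """Split pasted text into reports; the label is the line above each header."""
    reports, current, previous = [], None, ""
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("VirSCAN.org Scanned Report"):
            current = {"label": previous, "fields": {}, "detections": []}
            reports.append(current)
        elif current is not None:
            field, row = FIELD.match(line), ROW.match(line)
            if field:
                current["fields"][field.group(1)] = field.group(2).lower()
            elif row and row.group("result") != "-":
                current["detections"].append(
                    (engine_name(row.group("head")), row.group("result")))
        previous = line
    return reports

def audit(reports):
    """Flag label/File Name mismatches and reports that share one MD5."""
    findings, by_md5 = [], defaultdict(list)
    for r in reports:
        name = r["fields"].get("File Name", "")
        if not name or not r["label"].lower().endswith(name):
            findings.append(("label-mismatch", r["label"], name))
        by_md5[r["fields"].get("MD5")].append(r["label"])
    for md5, labels in by_md5.items():
        if md5 and len(labels) > 1:
            findings.append(("same-sample", md5, tuple(labels)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reports(SAMPLE)):
        print(finding)
```

Run against the sample, the audit reports that the blocks labelled `bootdlg.dll` and `iasmgr10.dll` carry the `aclperf.dll` file name and the same MD5 as the first report.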


Hi,

 

That was just what I needed. :)

-----------

 

 

Please download OTM by OldTimer.

  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe

    :Files
    c:\windows\system32\aclperf.dll
    c:\windows\system32\bootdlg.dll
    c:\windows\system32\iasmgr10.dll

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

LoadLibrary failed for c:windowssystem32aclperf.dll

c:windowssystem32aclperf.dll moved successfully.

LoadLibrary failed for c:windowssystem32bootdlg.dll

c:windowssystem32bootdlg.dll moved successfully.

LoadLibrary failed for c:windowssystem32iasmgr10.dll

c:windowssystem32iasmgr10.dll moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 65603 bytes

 

User: NetworkService

->Temp folder emptied: 2258 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 10554012 bytes

->Java cache emptied: 12239 bytes

->Flash cache emptied: 2828352 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%System32 .tmp files removed: 2577 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 544944 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 67 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 14.00 mb

 

 

OTM by OldTimer - Version 3.1.19.0 log created on 01062012_165138

All processes killed

 

OTM by OldTimer - Version 3.1.19.0 log created on 01062012_165133

Files moved on Reboot...

File C:WINDOWStempTMP00000001F30360F93810D06B not found!

Registry entries deleted on Reboot...


Hi,

 

How is your system running? :)

Edited by jeffce


Well, I can tell you this. I haven't seen one of those stupid Bad Image pop ups in some time now. They seemed to really shark on me whenever the computer would shut down and come back on. Like half a dozen of them or more, but with all these scans and reboots it hasn't happened once. It's running like a dream right now. I can't even begin to thank you for helping me. I want to feel smart for fixing it, but I kind of feel like the people in Men In Black. I know I did something, but it's like my brain was wiped clean and I can't remember "what" ha ha....Thanks again.

 

:)

This topic is now closed to further replies.