« previous next »
Pages: 1 [2]

Author Topic: Possible FakeAlert-FakeSpy.a Trojan  (Read 2843 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Possible FakeAlert-FakeSpy.a Trojan
« Reply #20 on: July 11, 2010, 03:04:39 PM »
Download DDS and save it to your desktop from [color="#FF0000"]here[/color]
Disable any script blocker, and then right  click  on dds.scr and choose to "Run as Admin"
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to this topic.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline jme

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +0/-0
    • View Profile
Possible FakeAlert-FakeSpy.a Trojan
« Reply #21 on: July 11, 2010, 03:44:54 PM »
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Jamie at 13:38:50.43 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2044 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
C:\Program Files\Electronic Arts\EADM\EADownloadManager\EADownloadManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jamie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/p/3.html
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Meebo Notifier] "c:\users\jamie\appdata\local\meebo\meebo notifier\MeeboNotifier.exe" /startup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel photo album 7\CorelIOMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Corel Photo Downloader] "c:\program files\corel\corel photo album 7\Corel Photo Downloader.exe" -startup
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Trusted Zone: k12.ca.us\parentconnect.luhsd
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: tenderfoot.com
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-13 214664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-15 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-13 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-13 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-13 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-13 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-13 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-13 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-13 40552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c994b5daf4fd90;Google Update Service (gupdate1c994b5daf4fd90);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-5 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-13 34248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-10 21:48:32   647168   ----a-w-   c:\windows\system32\aestecap.dll
2010-07-10 21:48:32   1601536   ----a-w-   c:\windows\system32\stlang.dll
2010-07-10 21:48:32   131072   ----a-w-   c:\windows\system32\aestacap.dll
2010-07-10 21:48:32   102400   ----a-w-   c:\windows\system32\stacsv.exe
2010-07-10 21:48:31   4947968   ----a-w-   c:\windows\system32\stacgui.cpl
2010-07-10 21:44:55   330240   ----a-w-   c:\windows\system32\drivers\stwrt.sys
2010-07-10 21:44:54   595456   ----a-w-   c:\windows\system32\stapo.dll
2010-07-10 21:44:54   328704   ----a-w-   c:\windows\system32\stcplx.dll
2010-07-10 21:44:54   299520   ----a-w-   c:\windows\system32\stapi32.dll
2010-07-10 21:44:53   146944   ----a-w-   c:\windows\system32\st325614.dll
2010-07-09 23:28:42   116840   ----a-w-   c:\windows\hpqins00.dat
2010-07-09 23:20:52   0   d-----w-   c:\program files\HP
2010-07-09 23:17:42   0   d-----w-   c:\programdata\HP
2010-07-06 04:41:29   0   dcsh--w-   C:\$RECYCLE.BIN
2010-07-06 04:28:32   77312   ----a-w-   c:\windows\MBR.exe
2010-07-06 04:28:29   98816   ----a-w-   c:\windows\sed.exe
2010-07-06 04:28:29   256512   ----a-w-   c:\windows\PEV.exe
2010-07-06 04:28:29   161792   ----a-w-   c:\windows\SWREG.exe
2010-06-29 18:50:09   0   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-29 18:40:12   0   d-----w-   c:\program files\Bonjour
2010-06-29 17:23:07   0   d-----w-   c:\program files\common files\Motive
2010-06-29 17:23:02   0   d-----w-   c:\programdata\Motive
2010-06-23 10:00:24   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-23 10:00:24   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-23 10:00:24   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-23 10:00:24   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-23 10:00:24   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-23 04:56:46   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 04:56:46   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-06-13 06:17:19   0   d-----w-   c:\users\jamie\appdata\roaming\Meebo

==================== Find3M  ====================

2010-07-11 18:44:14   31871   ----a-w-   c:\programdata\nvModes.dat
2010-07-10 21:57:58   2979   ----a-w-   c:\windows\bthservsdp.dat
2010-07-10 21:48:05   51200   ----a-w-   c:\windows\inf\infpub.dat
2010-07-10 21:48:05   143360   ----a-w-   c:\windows\inf\infstrng.dat
2010-07-10 21:48:01   143360   ----a-w-   c:\windows\inf\infstor.dat
2010-07-04 07:12:42   4020   ----a-w-   c:\users\jamie\appdata\roaming\wklnhst.dat
2010-05-26 17:06:41   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-05-26 14:47:41   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-05-18 23:35:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 23:35:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-04 05:59:21   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55:42   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 05:55:42   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48   2037248   ----a-w-   c:\windows\system32\win32k.sys
2010-04-23 14:13:55   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-01-23 11:23:59   665600   ----a-w-   c:\windows\inf\drvindex.dat
2008-05-25 22:53:26   174   --sha-w-   c:\program files\desktop.ini
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
2010-03-18 23:40:11   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-18 23:40:11   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-18 23:40:11   32768   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-18 16:37:31   245760   --sha-w-   c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-10-19 03:13:16   8192   --sha-w-   c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:40:04.35 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/18/2007 12:20:45 PM
System Uptime: 7/10/2010 2:58:47 PM (23 hours ago)

Motherboard: Dell Inc. |  | 0UK437
Processor: Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz | Microprocessor | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 65.271 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 134.859 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 5.872 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel

==== System Restore Points ===================

RP781: 7/8/2010 7:28:00 PM - Installed The Sims 3 Ambitions
RP782: 7/8/2010 7:29:21 PM - Installed The Sims 3
RP783: 7/9/2010 12:39:22 PM - Removed Apple Mobile Device Support
RP784: 7/9/2010 12:41:23 PM - Removed Apple Software Update
RP785: 7/9/2010 12:43:10 PM - Removed Apple Application Support
RP786: 7/9/2010 12:45:46 PM - Removed iTunes
RP787: 7/9/2010 12:50:12 PM - Removed Safari
RP788: 7/9/2010 4:21:02 PM - Device Driver Package Install: Hewlett-Packard IEEE 1284.4 compatible printer
RP789: 7/9/2010 4:21:36 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP790: 7/9/2010 4:30:59 PM - Installed 32 Bit HP CIO Components Installer
RP791: 7/9/2010 4:37:43 PM - Removed Apple Mobile Device Support
RP792: 7/9/2010 5:51:47 PM - Removed HP Update
RP793: 7/10/2010 2:45:47 PM - Device Driver Package Install: SigmaTel Sound, video and game controllers
RP795: 7/10/2010 2:49:30 PM - Configured SigmaTel Audio

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Adobe® Photoshop® Album Starter Edition 3.2
AT&T Yahoo! Applications
Banctec Service Agreement
Bonjour
Broadcom Management Programs
CCleaner
CleanUp!
Conexant HDA D330 MDC V.92 Modem
Corel Clip Art
Corel Photo Album 7
Coupon Printer for Windows
Dell DataSafe Online
Dell Driver Download Manager
Dell System Customization Wizard
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
EA Download Manager
EA Download Manager UI
Facebook Plug-In
Futuremark SystemInfo
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.480
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Jasc Paint Shop Photo Album 5
Java(TM) SE Runtime Environment 6
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaDirect
Meebo Notifier
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Modem Diagnostic Tool
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
OpenCASE Media Agent
OutlookAddinSetup
Pando Media Booster
Pixillion Image Converter
Product Documentation Launcher
QuickSet
QuickTime
RealPlayer
REALVIZ StitcherEZ ACD
SigmaTel Audio
Sims 3 Workshop
Smilebox
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Switch Sound File Converter
System Requirements Lab
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Create a Pattern Tool
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 World Adventures
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
User's Guides
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Installer Clean Up
Windows Live OneCare safety scanner
WinRAR archiver
Yahoo! BrowserPlus 2.7.1

==== Event Viewer Messages From Past Week ========

7/9/2010 5:59:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the OpenCASE Media Agent service to connect.
7/9/2010 5:59:42 PM, Error: Service Control Manager [7000]  - The OpenCASE Media Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/9/2010 5:59:09 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee SystemGuards service to connect.
7/9/2010 5:59:09 PM, Error: Service Control Manager [7000]  - The McAfee SystemGuards service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/9/2010 5:17:25 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Ts3 effects small - Notepad, owned by Jamie, failed to print on printer HP Photosmart 8200 Series. Try to print the document again, or restart the print spooler.  Data type: NT EMF 1.008. Size of the spool file in bytes: 5424. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JAMIE-LAPTOP. Win32 error code returned by the print processor: 67. The network name cannot be found.
7/9/2010 5:08:34 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Test Page, owned by Jamie, failed to print on printer HP Photosmart 8200 Series. Try to print the document again, or restart the print spooler.  Data type: NT EMF 1.008. Size of the spool file in bytes: 114932. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JAMIE-LAPTOP. Win32 error code returned by the print processor: 67. The network name cannot be found.
7/9/2010 5:03:36 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Test Page, owned by Jamie, failed to print on printer HP Photosmart 8200 Series. Try to print the document again, or restart the print spooler.  Data type: NT EMF 1.008. Size of the spool file in bytes: 114804. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JAMIE-LAPTOP. Win32 error code returned by the print processor: 67. The network name cannot be found.
7/9/2010 4:39:30 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2010 4:36:13 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
7/8/2010 9:29:27 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/8/2010 10:37:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
7/5/2010 9:39:15 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/5/2010 9:31:08 PM, Error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 9:30:54 PM, Error: Service Control Manager [7034]  - The XAudioService service terminated unexpectedly.  It has done this 1 time(s).
7/11/2010 11:43:54 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/11/2010 1:39:28 PM, Error: Service Control Manager [7031]  - The OpenCASE Media Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/10/2010 3:00:28 PM, Error: Service Control Manager [7000]  - The Automatic LiveUpdate Scheduler service failed to start due to the following error:  The system cannot find the file specified.

==== End Of File ===========================
« Last Edit: July 11, 2010, 09:14:35 PM by guestolo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Possible FakeAlert-FakeSpy.a Trojan
« Reply #22 on: July 11, 2010, 09:24:16 PM »
Can you run a couple tools,
First, Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
NOTE: If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows
   1. Go to [color="#4169E1"]this page[/color] and Download TDSSKiller.zip to your Desktop.
   2. Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
   3. Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

      "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

   4. If TDSSKiller alerts you that the system needs to reboot, please consent.
   5. When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Additionally, temporarily disasble your realtime protections with AntiVirus and Antispyware
then go to the following link
Go to the following link [color="#0000FF"]ESET Online Scanner[/color][/url]
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install    
  • Click Start    
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked    
  • Click Scan (This scan can take awhile, so please be patient)    
  • Once the scan is completed, you may close the window    
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
       
  • Copy and paste that log as a reply to this topic
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline jme

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +0/-0
    • View Profile
Possible FakeAlert-FakeSpy.a Trojan
« Reply #23 on: July 12, 2010, 12:50:54 AM »
21:27:23:453 5920   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:27:23:453 5920   ================================================================================
21:27:23:453 5920   SystemInfo:

21:27:23:453 5920   OS Version: 6.0.6002 ServicePack: 2.0
21:27:23:453 5920   Product type: Workstation
21:27:23:453 5920   ComputerName: JAMIE-LAPTOP
21:27:23:453 5920   UserName: Jamie
21:27:23:453 5920   Windows directory: C:\Windows
21:27:23:453 5920   System windows directory: C:\Windows
21:27:23:453 5920   Processor architecture: Intel x86
21:27:23:453 5920   Number of processors: 2
21:27:23:453 5920   Page size: 0x1000
21:27:23:453 5920   Boot type: Normal boot
21:27:23:453 5920   ================================================================================
21:27:24:092 5920   Initialize success
21:27:24:092 5920   
21:27:24:092 5920   Scanning   Services ...
21:27:25:340 5920   Raw services enum returned 464 services
21:27:25:356 5920   
21:27:25:356 5920   Scanning   Drivers ...
21:27:26:853 5920   ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:27:26:994 5920   adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:27:27:197 5920   adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:27:27:493 5920   adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:27:27:696 5920   adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:27:27:961 5920   AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
21:27:28:179 5920   agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:27:28:382 5920   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:27:28:601 5920   aliide          (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
21:27:28:772 5920   amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:27:28:991 5920   amdide          (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
21:27:29:303 5920   AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:27:29:677 5920   AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:27:29:786 5920   ApfiltrService  (36ab14bfe3dcf3c848acd1e3810f9cda) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:27:30:005 5920   arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:27:30:395 5920   arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:27:30:691 5920   AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:30:894 5920   atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:27:31:190 5920   BCM43XX         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:27:31:362 5920   bcm4sbxp        (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:27:31:674 5920   Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:27:31:877 5920   bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
21:27:31:986 5920   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:27:32:033 5920   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:27:32:048 5920   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:27:32:079 5920   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:27:32:126 5920   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:27:32:173 5920   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:27:32:235 5920   BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:27:32:282 5920   BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
21:27:32:579 5920   BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:27:33:000 5920   BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
21:27:33:312 5920   BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
21:27:33:515 5920   btwaudio        (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
21:27:33:733 5920   btwavdt         (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
21:27:34:092 5920   btwrchid        (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
21:27:34:872 5920   cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:27:34:997 5920   cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:27:35:059 5920   circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:27:35:153 5920   CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:27:35:574 5920   CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:35:683 5920   cmdide          (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
21:27:36:089 5920   Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:27:36:806 5920   crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:27:36:900 5920   Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:27:36:962 5920   DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
21:27:36:993 5920   disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:27:37:056 5920   drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:27:37:446 5920   DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
21:27:37:555 5920   e1express       (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
21:27:37:695 5920   E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:27:38:210 5920   Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:27:38:600 5920   elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:27:38:647 5920   ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
21:27:38:709 5920   exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:27:38:756 5920   fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:27:38:803 5920   fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:27:38:881 5920   FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:27:38:943 5920   Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:27:38:990 5920   flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:27:39:037 5920   FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:27:39:068 5920   Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:27:39:115 5920   gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:27:39:193 5920   GEARAspiWDM     (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:27:39:240 5920   HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:27:39:287 5920   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:27:39:365 5920   HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
21:27:39:396 5920   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:27:39:443 5920   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:27:39:458 5920   HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:27:39:521 5920   HSF_DPV         (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:27:39:567 5920   HSXHWAZL        (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:27:39:614 5920   HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:27:39:692 5920   i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:27:39:755 5920   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:27:39:817 5920   iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
21:27:39:848 5920   iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:27:39:895 5920   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:27:39:957 5920   intelide        (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
21:27:40:020 5920   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:27:40:067 5920   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:27:40:113 5920   IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:27:40:160 5920   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:27:40:223 5920   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:27:40:254 5920   isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:27:40:301 5920   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:27:40:347 5920   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:27:40:379 5920   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:27:40:425 5920   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:27:40:488 5920   kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:27:40:550 5920   klmd23          (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
21:27:40:581 5920   KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:27:40:613 5920   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:27:40:659 5920   LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:27:40:691 5920   LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:27:40:722 5920   LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:27:40:753 5920   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:27:40:800 5920   mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:27:40:847 5920   megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:27:40:893 5920   mfeavfk         (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
21:27:40:940 5920   mfebopk         (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
21:27:41:034 5920   mfehidk         (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
21:27:41:081 5920   mferkdk         (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
21:27:41:112 5920   mfesmfk         (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
21:27:41:159 5920   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:27:41:205 5920   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:27:41:252 5920   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:27:41:315 5920   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:27:41:346 5920   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:27:41:393 5920   MPFP            (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
21:27:41:439 5920   mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:27:41:502 5920   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:27:41:517 5920   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:27:41:642 5920   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:27:41:705 5920   mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:27:41:720 5920   mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:27:41:767 5920   mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:27:41:814 5920   msahci          (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
21:27:41:829 5920   msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:27:41:892 5920   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:27:41:939 5920   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:27:41:985 5920   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:27:42:048 5920   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:27:42:110 5920   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:27:42:157 5920   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:27:42:204 5920   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:27:42:235 5920   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:27:42:297 5920   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:27:42:344 5920   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:27:42:375 5920   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:27:42:438 5920   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:27:42:469 5920   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:27:42:531 5920   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:27:42:594 5920   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:27:42:641 5920   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:27:42:703 5920   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:27:42:734 5920   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:27:42:797 5920   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:27:42:859 5920   nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:27:42:953 5920   Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:27:42:984 5920   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:27:43:031 5920   NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
21:27:43:077 5920   Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:27:43:421 5920   nvlddmkm        (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:27:43:577 5920   nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:27:43:623 5920   nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:27:43:655 5920   nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:27:43:717 5920   ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:27:43:748 5920   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:27:43:795 5920   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:27:43:811 5920   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:27:43:842 5920   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:27:43:857 5920   pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:27:43:904 5920   pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:27:43:967 5920   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:27:44:045 5920   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:27:44:060 5920   Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:27:44:107 5920   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:27:44:138 5920   PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
21:27:44:185 5920   ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:27:44:216 5920   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:27:44:247 5920   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:27:44:341 5920   R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:27:44:388 5920   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:27:44:450 5920   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:27:44:497 5920   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:27:44:559 5920   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:27:44:591 5920   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:27:44:637 5920   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:27:44:700 5920   rdpdr           (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
21:27:44:747 5920   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:27:44:793 5920   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:27:44:825 5920   RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:27:44:856 5920   rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:27:44:903 5920   rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:27:44:965 5920   rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:27:45:043 5920   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:27:45:074 5920   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:27:45:137 5920   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:27:45:183 5920   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:27:45:230 5920   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:27:45:277 5920   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:27:45:324 5920   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:27:45:402 5920   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:27:45:449 5920   sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:27:45:480 5920   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:27:45:511 5920   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:27:45:558 5920   sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
21:27:45:620 5920   SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:27:45:667 5920   SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:27:45:729 5920   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:27:45:776 5920   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:27:45:823 5920   srv             (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
21:27:45:870 5920   srv2            (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
21:27:45:917 5920   srvnet          (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
21:27:45:995 5920   STHDA           (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
21:27:46:057 5920   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:27:46:119 5920   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:27:46:135 5920   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:27:46:166 5920   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:27:46:229 5920   Tcpip           (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
21:27:46:307 5920   Tcpip6          (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
21:27:46:385 5920   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:27:46:463 5920   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:27:46:509 5920   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:27:46:572 5920   tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:27:46:619 5920   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:27:46:681 5920   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:27:46:743 5920   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:27:46:775 5920   tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:27:46:821 5920   uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:27:46:884 5920   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:27:46:931 5920   uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
21:27:46:977 5920   uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:27:47:009 5920   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:27:47:024 5920   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:27:47:071 5920   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:27:47:118 5920   usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:27:47:165 5920   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:27:47:227 5920   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:27:47:289 5920   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:27:47:336 5920   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:27:47:352 5920   usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:27:47:383 5920   usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:27:47:430 5920   usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:27:47:477 5920   USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:27:47:523 5920   usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:27:47:555 5920   vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:27:47:601 5920   VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:27:47:664 5920   viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
21:27:47:726 5920   ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:27:47:789 5920   viaide          (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
21:27:47:851 5920   volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:27:47:898 5920   volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:27:47:945 5920   volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:27:47:991 5920   vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:27:48:007 5920   WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:27:48:069 5920   Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:27:48:069 5920   Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:27:48:116 5920   Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:27:48:194 5920   Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:27:48:303 5920   winachsf        (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:27:48:366 5920   WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:27:48:428 5920   WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:27:48:475 5920   ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:27:48:537 5920   WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:48:600 5920   XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
21:27:48:600 5920   
21:27:48:600 5920   Completed
21:27:48:600 5920   
21:27:48:600 5920   Results:
21:27:48:600 5920   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
21:27:48:600 5920   File objects infected / cured / cured on reboot:   0 / 0 / 0
21:27:48:600 5920   
21:27:48:615 5920   KLMD(ARK) unloaded successfully



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8a2dc1eeb9650b4dac7a40e35906bb29
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-12 05:37:54
# local_time=2010-07-11 10:37:54 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 3742093 3742093 0 0
# compatibility_mode=5121 16776637 100 96 8678363 31742516 0 0
# compatibility_mode=5892 16776638 100 100 34069728 115516920 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 9 85653248 85653250 0 0
# scanned=145935
# found=0
# cleaned=0
# scan_time=3681
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Possible FakeAlert-FakeSpy.a Trojan
« Reply #24 on: July 13, 2010, 04:19:34 PM »
Everything is looking good, are you still experiencing lag?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline jme

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +0/-0
    • View Profile
Possible FakeAlert-FakeSpy.a Trojan
« Reply #25 on: July 13, 2010, 06:10:10 PM »
Unfortunately, yes I am  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Possible FakeAlert-FakeSpy.a Trojan
« Reply #26 on: July 16, 2010, 10:23:36 PM »
I see remnants of Symantecs in your log

Can you do the following
Download and save to desktop the NORTON REMOVAL TOOL

Right click on the removal tool and choose to "Run as Administrator"
Follow the prompts
Reboot the computer when prompted or after the tool has completed

Open OTL.exe and run a Quick Scan, post it's new log and keep me informed how things are now running
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline jme

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +0/-0
    • View Profile
Possible FakeAlert-FakeSpy.a Trojan
« Reply #27 on: July 16, 2010, 11:02:13 PM »
OTL logfile created on: 7/16/2010 8:58:03 PM - Run 3
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 64.10 Gb Free Space | 46.97% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 134.53 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2010/03/30 01:19:07 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/02/14 02:14:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/01 21:29:20 | 000,037,888 | R--- | M] () -- C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/17 21:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/17 20:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/03 15:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 15:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/08 16:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/06/05 02:18:54 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/10/08 13:04:48 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/08/29 18:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/03/26 15:59:50 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/18 20:13:15 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/10/18 20:13:15 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/18 20:13:15 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/12 17:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/21 12:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/27 00:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 00:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 00:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/06 18:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 16:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 16:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 19:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 19:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2008/12/15 18:02:06 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010/05/30 11:24:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Meebo Notifier] C:\Users\Jamie\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: k12.ca.us ([parentconnect.luhsd] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tenderfoot.com ([]http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Photobucket Publisher http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/20 13:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/26 21:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/04/20 13:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/16 20:45:07 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\Jamie\Desktop\Norton_Removal_Tool.exe
[2010/07/11 21:22:57 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Users\Jamie\Desktop\TDSSKiller.exe
[2010/07/11 21:10:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\TFC.exe
[2010/07/10 14:48:32 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/07/10 14:48:31 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/07/10 14:44:55 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/07/10 14:44:54 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/07/10 14:44:54 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/07/10 14:44:54 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/07/10 14:44:53 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st325614.dll
[2010/07/09 16:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/07/09 16:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/07/09 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\HP
[2010/07/05 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\temp
[2010/07/05 21:41:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/05 21:29:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/05 21:28:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/05 21:28:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/05 21:28:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/29 13:00:29 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/06/29 11:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 11:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/29 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 10:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Motive
[2010/06/29 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/29 10:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/06/27 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Custard
[2010/06/27 12:59:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Sims 3 Dashboard Tool
[2010/06/25 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/23 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Updater5
[2010/06/23 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\wp-issuu
[2010/06/13 12:03:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\CC Archived
[2010/06/12 23:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Meebo
[2010/06/12 23:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Meebo
[2010/06/08 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Smilebox
[2010/06/08 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\My Smilebox Creations
[2010/06/08 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Smilebox
[2010/06/07 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\gtk-2.0
[2010/06/07 15:22:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\.thumbnails
[2010/06/07 15:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\gegl-0.0
[2010/06/07 15:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\.gimp-2.6
[2010/06/02 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Apple
[2010/06/01 10:56:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\CC Packaged
[2010/05/30 11:02:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/30 10:52:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/30 10:52:30 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2010/05/29 14:01:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2010/05/29 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Apple Computer
[2010/05/28 21:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/28 21:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/28 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/27 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\gjqbrjexs
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/16 20:59:44 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
[2010/07/16 20:58:43 | 004,194,304 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat
[2010/07/16 20:53:32 | 000,032,068 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/07/16 20:52:55 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/16 20:52:24 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/16 20:52:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/16 20:52:08 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/16 20:52:07 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/16 20:52:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/16 20:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/16 20:51:02 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/16 20:50:28 | 000,524,288 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 20:50:28 | 000,065,536 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/16 20:50:07 | 002,417,714 | -H-- | M] () -- C:\Users\Jamie\AppData\Local\IconCache.db
[2010/07/16 20:45:09 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Jamie\Desktop\Norton_Removal_Tool.exe
[2010/07/16 20:02:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/16 18:22:53 | 000,065,536 | ---- | M] () -- C:\Users\Jamie\Desktop\SAP Judging Forms.doc
[2010/07/16 18:16:07 | 000,004,120 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2010/07/15 13:10:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/07/11 21:22:57 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Users\Jamie\Desktop\TDSSKiller.exe
[2010/07/11 21:10:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\TFC.exe
[2010/07/11 13:11:19 | 000,525,824 | ---- | M] () -- C:\Users\Jamie\Desktop\dds.scr
[2010/07/09 18:07:53 | 000,002,523 | ---- | M] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/07/09 18:03:46 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/09 18:03:46 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/09 18:03:46 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/09 16:30:15 | 000,116,840 | ---- | M] () -- C:\Windows\hpqins00.dat
[2010/07/05 21:39:18 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/05 21:26:27 | 003,726,382 | R--- | M] () -- C:\Users\Jamie\Desktop\ComboFix.exe
[2010/07/01 10:30:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/06/27 02:05:01 | 000,047,616 | ---- | M] () -- C:\Users\Jamie\Documents\Meet Brody.wps
[2010/06/24 23:44:42 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/23 14:01:15 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/06/22 20:23:01 | 000,128,281 | ---- | M] () -- C:\Users\Jamie\Desktop\Simatography Cover.jpg
[2010/06/20 00:50:57 | 000,001,672 | ---- | M] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/06/12 23:17:19 | 000,001,070 | ---- | M] () -- C:\Users\Jamie\Desktop\Meebo Notifier.lnk
[2010/06/12 03:18:16 | 000,022,528 | ---- | M] () -- C:\Users\Jamie\Documents\Meet Jane.wps
[2010/06/11 10:55:35 | 000,324,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 19:05:20 | 000,150,895 | ---- | M] () -- C:\Users\Jamie\Desktop\RunwayMid-1.jpg
[2010/06/08 18:15:42 | 000,001,818 | ---- | M] () -- C:\Users\Jamie\Desktop\Smilebox.lnk
[2010/06/08 17:49:46 | 000,001,535 | ---- | M] () -- C:\Users\Jamie\.recently-used.xbel
[2010/06/05 13:59:45 | 000,094,208 | ---- | M] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 11:38:22 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/30 11:24:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/30 00:46:48 | 000,000,048 | ---- | M] () -- C:\config.ini
[2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2010/05/29 09:10:08 | 004,194,304 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat_previous
[2010/05/27 21:55:53 | 000,011,776 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Finale.wps
[2010/05/18 01:27:16 | 000,009,728 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Beach Bum.wps
[2010/05/13 02:05:10 | 000,013,312 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Kid at heart.wps
[2010/05/08 10:01:08 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 23:32:35 | 000,012,800 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Role Play Date Night.wps
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/24 22:59:04 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
[2010/04/22 00:23:57 | 000,009,728 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Role Play Advertise Me.wps
 
========== Files Created - No Company Name ==========
 
[2010/07/16 18:22:53 | 000,065,536 | ---- | C] () -- C:\Users\Jamie\Desktop\SAP Judging Forms.doc
[2010/07/11 13:11:17 | 000,525,824 | ---- | C] () -- C:\Users\Jamie\Desktop\dds.scr
[2010/07/09 16:28:42 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/07/09 16:06:48 | 000,004,559 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/05 21:28:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/05 21:28:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/05 21:28:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/05 21:28:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/05 21:28:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/05 21:26:20 | 003,726,382 | R--- | C] () -- C:\Users\Jamie\Desktop\ComboFix.exe
[2010/06/24 23:44:42 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/23 00:22:28 | 000,128,281 | ---- | C] () -- C:\Users\Jamie\Desktop\Simatography Cover.jpg
[2010/06/12 23:17:19 | 000,001,070 | ---- | C] () -- C:\Users\Jamie\Desktop\Meebo Notifier.lnk
[2010/06/11 23:18:46 | 000,022,528 | ---- | C] () -- C:\Users\Jamie\Documents\Meet Jane.wps
[2010/06/08 19:05:20 | 000,150,895 | ---- | C] () -- C:\Users\Jamie\Desktop\RunwayMid-1.jpg
[2010/06/08 18:15:42 | 000,001,818 | ---- | C] () -- C:\Users\Jamie\Desktop\Smilebox.lnk
[2010/06/08 17:49:46 | 000,001,535 | ---- | C] () -- C:\Users\Jamie\.recently-used.xbel
[2010/06/01 11:38:22 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/30 10:54:01 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
[2010/05/30 00:46:48 | 000,000,048 | ---- | C] () -- C:\config.ini
[2010/05/29 23:02:55 | 000,002,523 | ---- | C] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/05/27 12:37:11 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Finale.wps
[2010/05/18 01:27:16 | 000,009,728 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Beach Bum.wps
[2010/05/13 02:05:10 | 000,013,312 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Kid at heart.wps
[2010/05/08 10:01:08 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 23:32:35 | 000,012,800 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Role Play Date Night.wps
[2010/05/01 10:42:31 | 000,001,672 | ---- | C] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/04/27 19:30:29 | 003,761,255 | ---- | C] () -- C:\Users\Jamie\Desktop\CX-hair_peggyzone_hairmesh05399_fx7.package
[2010/04/24 22:59:04 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
[2010/04/22 00:23:56 | 000,009,728 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Role Play Advertise Me.wps
[2010/03/10 12:38:01 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/02/14 02:16:27 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/02 14:44:59 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor31.INI
[2009/06/01 21:21:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/01/03 14:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/12/24 14:52:37 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/18 20:13:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/18 12:34:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 15:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/09/15 15:40:22 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009/03/31 15:10:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\ACD Systems
[2008/04/27 01:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\CrystalSpace
[2007/12/24 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\DataSafeOnline
[2008/12/11 14:50:05 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\EPSON
[2010/03/07 13:53:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Facebook
[2008/11/21 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\GARMIN
[2010/06/08 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\gtk-2.0
[2008/07/15 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Leadertech
[2010/06/12 23:17:25 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Meebo
[2009/06/17 16:14:05 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\NCH Swift Sound
[2010/01/22 12:21:40 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\NVD
[2008/02/10 11:23:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\PeerNetworking
[2010/07/12 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Smilebox
[2010/01/28 11:57:02 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\SoftGrid Client
[2007/12/11 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Template
[2009/05/27 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Tenderfoot Games
[2010/01/22 12:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TP
[2010/07/15 13:10:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/07/01 10:30:40 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/07/16 20:51:02 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/16 20:59:44 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\TS-L632H_D300[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\A103[1]:Roxio EMC Stream
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2DAD076E
< End of report >
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Possible FakeAlert-FakeSpy.a Trojan
« Reply #28 on: July 16, 2010, 11:23:03 PM »
Quote
Open OTL.exe and run a Quick Scan, post it's new log and keep me informed how things are now running
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline jme

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +0/-0
    • View Profile
Possible FakeAlert-FakeSpy.a Trojan
« Reply #29 on: July 17, 2010, 12:11:51 AM »
Oh my goodness, I'm so sorry I posted the log, but not how things are running, lol.....der. I noticed a huge difference! Who knew that something left over from Norton would cause that lag  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> Thanks a heap Guestolo for all of your help and sticking with me until all of my issues were resolved.......you truly are a special person for helping complete strangers with their computer issues.  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Possible FakeAlert-FakeSpy.a Trojan
« Reply #30 on: July 17, 2010, 12:26:38 AM »
Ensure that you still have a copy of ComboFix on your desktop
Then let's properly
Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
       
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
       
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
In addition, let's remove OTL.exe
Right click on OTL.exe and choose to "Run as Admin"
When open, choose the CLEANUP option, follow the prompts and reboot if you are prompted

I'll lock this topic in a couple days if you have no further problems or questions
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: 1 [2]
« previous next »