
Won't Boot [Solved]


38 replies to this topic

#1 Shelby68GT500


Posted 28 October 2013 - 06:41 AM

Wife's computer that has also been used by my son in the past 6 months to play an online game called Minecraft using another application called Steam. Everything was fine up until about 2 weeks ago, when the computer started having problems finishing up the boot process. Initial symptoms upon booting were that somewhat random characters would show up during the process before Windows would start, and also random artifacts (blocking, hash, yellow vertical bands) on the display as Windows would attempt to load. Sometimes it would just freeze at the Windows splash screen; other times it would get to log on and lock up with a black screen with a large blue bar across the top of the screen (taking up about 20% of the top of the screen). Sensed that it might be a problem with my display driver, so I updated that, but no change. Then started to sense that maybe it might be some sort of malware, as I started getting messages that McShield.exe (McAfee file) could not start and was being shut down. Early on, the computer would boot up and work fine about 50% of the time, but now the only way I can get it to fully boot is to go into safe mode. Downloaded and ran OTL while in safe mode (hope that is OK) and have posted the results below.

Thank You for any assistance, it is greatly appreciated!

Regards, Bob

OTL.txt
OTL logfile created on: 10/28/2013 8:14:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Paddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 90.79% Memory free
4.84 Gb Paging File | 4.75 Gb Available in Paging File | 98.16% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 465.75 Gb Total Space | 395.95 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 190.27 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 2.56 Gb Free Space | 68.79% Space Free | Partition Type: FAT32

Computer Name: MUDDY | User Name: Paddy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\Paddy\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - D:\Program Files\NVIDIA Corporation\nview\nvShell.dll ()


========== Services (SafeList) ==========

SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (mfevtp) -- D:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- D:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAPExe) -- D:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- D:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (nvUpdatusService) -- D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (McODS) -- D:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IntuitUpdateServiceV4) -- D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MOBKbackup) -- D:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (PCPitstop Scheduling) -- D:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (Pml Driver HPZ12) -- D:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (cerc6) -- File not found
DRV - (cfwids) -- D:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- D:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- D:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- D:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- D:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- D:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- D:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- D:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (mfencrk) -- D:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- D:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (McPvDrv) -- D:\WINDOWS\system32\drivers\McPvDrv.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- D:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (MSTAPE) -- D:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- D:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (scsiscan) -- D:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)
DRV - (RTLE8023xp) -- D:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Diag69xp) -- D:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- D:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- D:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (ICAM3NT5) -- D:\WINDOWS\system32\drivers\Icam3.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: D:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: D:\Program Files\McAfee\SiteAdvisor [2013/10/04 14:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: D:\Program Files\McAfee\MSK [2013/08/28 10:36:21 | 000,000,000 | ---D | M]

[2013/08/15 19:03:48 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = D:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Docs = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: TopArcadeHits = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Wajam = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Gmail = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - D:\Documents and Settings\Paddy\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcpltui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\Paddy\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1353524644140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC33F931-3CDF-4D9B-80A0-6F6A1A87BDE7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - d:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/04 10:54:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm File not found
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - D:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2013/10/28 08:09:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Paddy\Desktop\OTL.exe
[2013/10/25 12:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/10/25 12:36:04 | 000,000,000 | ---D | C] -- D:\Program Files\AGEIA Technologies
[2013/10/25 12:35:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/10/25 12:35:02 | 015,709,984 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2013/10/25 12:35:02 | 000,209,184 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2013/10/25 12:35:02 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2013/10/25 12:31:04 | 009,457,664 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2013/10/25 12:31:04 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco3233158.dll
[2013/10/25 12:31:04 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco3233158.dll
[2013/10/25 12:18:16 | 000,000,000 | ---D | C] -- D:\NVIDIA
[2013/10/25 12:16:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/10/17 23:19:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
[2013/10/17 23:19:50 | 000,000,000 | ---D | C] -- D:\Program Files\MSBuild
[2013/10/17 23:19:44 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
[2013/10/17 23:19:17 | 000,597,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/10/17 23:19:17 | 000,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/10/17 23:19:17 | 000,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll
[2013/10/17 23:19:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/10/17 23:19:16 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll
[2013/10/17 23:19:16 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpssvcs.dll
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/28 08:08:11 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013/10/28 08:07:41 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013/10/28 08:05:00 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/28 08:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paddy\Desktop\OTL.exe
[2013/10/27 12:49:11 | 000,000,572 | ---- | M] () -- D:\WINDOWS\System32\nvAppTimestamps
[2013/10/27 12:44:39 | 000,000,876 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/26 14:40:00 | 000,000,334 | ---- | M] () -- D:\WINDOWS\tasks\TopArcadeHits.job
[2013/10/26 14:38:56 | 000,000,880 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 22:00:11 | 000,503,068 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2013/10/25 22:00:11 | 000,088,466 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2013/10/25 12:34:49 | 001,125,540 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2013/10/25 12:34:49 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2013/10/25 12:34:46 | 001,125,540 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2013/10/18 08:15:36 | 000,138,848 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/15 20:32:54 | 022,171,648 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvoglnt.dll
[2013/10/15 20:32:54 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcompiler.dll
[2013/10/15 20:32:54 | 009,498,624 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuda.dll
[2013/10/15 20:32:54 | 009,457,664 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2013/10/15 20:32:54 | 004,077,440 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nv4_disp.dll
[2013/10/15 20:32:54 | 003,555,144 | ---- | M] () -- D:\WINDOWS\System32\nvdata.data
[2013/10/15 20:32:54 | 002,951,968 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvid.dll
[2013/10/15 20:32:54 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvenc.dll
[2013/10/15 20:32:54 | 002,631,680 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvapi.dll
[2013/10/15 20:32:54 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco3233158.dll
[2013/10/15 20:32:54 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco3233158.dll
[2013/10/15 20:32:54 | 000,018,598 | ---- | M] () -- D:\WINDOWS\System32\nvinfo.pb
[2013/10/15 18:26:39 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2013/10/15 18:26:37 | 015,709,984 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2013/10/15 18:26:36 | 000,209,184 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2013/10/09 21:33:34 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/25 14:39:42 | 000,000,572 | ---- | C] () -- D:\WINDOWS\System32\nvAppTimestamps
[2013/03/14 03:18:08 | 000,234,696 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-1177238915-1417001333-1005-0.dat
[2013/03/04 22:32:28 | 000,618,407 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-1177238915-1417001333-1003-0.dat
[2013/03/04 22:32:27 | 000,146,382 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/04 12:02:35 | 000,000,590 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/11 15:36:42 | 000,004,608 | ---- | C] () -- D:\Documents and Settings\Paddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/11 15:32:48 | 000,004,142 | ---- | C] () -- D:\WINDOWS\estwn323.ini
[2013/01/11 15:09:21 | 000,000,021 | ---- | C] () -- D:\WINDOWS\Epscan2.INI
[2012/12/06 15:59:39 | 000,000,128 | ---- | C] () -- D:\Documents and Settings\Paddy\Local Settings\Application Data\fusioncache.dat
[2012/12/01 13:45:42 | 000,104,194 | ---- | C] () -- D:\WINDOWS\hpoins04.dat
[2012/12/01 13:45:42 | 000,017,176 | ---- | C] () -- D:\WINDOWS\hpomdl04.dat
[2012/11/29 15:02:18 | 000,112,640 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2012/11/21 15:13:45 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/11/21 14:52:57 | 001,125,540 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/21 14:52:57 | 001,125,540 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/21 14:52:57 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2012/11/21 14:41:08 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2012/11/21 14:31:32 | 000,876,544 | ---- | C] () -- D:\WINDOWS\System32\TEACico2.dll
[2012/02/09 23:40:00 | 003,555,144 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2012/11/27 21:51:26 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 16:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/25 20:07:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
[2012/11/27 15:15:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\install_clap
[2012/11/27 20:29:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/11/27 15:07:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/11/27 15:15:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Temp
[2013/08/16 16:37:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\WarThunder
[2013/08/15 19:06:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Paddy\Application Data\OpenOffice.org

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2013/10/27 12:45:26 | 000,071,326 | ---- | M] () MD5=5899337C47DED1038283EF7DD72E84DC -- D:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SCF >
[2008/04/14 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- D:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CHM >
[2009/02/21 02:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- D:\WINDOWS\Help\iexplore.chm
[2008/04/14 08:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- D:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2008/04/14 08:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- D:\WINDOWS\ie8\iexplore.exe
[2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- D:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- D:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 15:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- D:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 15:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- D:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.HLP >
[2008/04/14 08:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- D:\WINDOWS\Help\iexplore.hlp

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- D:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- D:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 10:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- D:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DLL >
[2010/10/21 12:11:14 | 004,465,432 | ---- | M] (SmartSound Software Inc.) MD5=09CFB48DF9A22C5B02A249778546422C -- D:\Program Files\SmartSound Software\Quicktracks 5\Services.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- D:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- D:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/10/04 11:37:05 | 000,001,602 | ---- | M] () MD5=CC092D1234B5C571FE45A25CC153F2DE -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- D:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2012/08/13 11:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- D:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 11:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- D:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 16:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- D:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2013/08/15 19:03:40 | 000,000,009 | ---- | M] () -- D:\END
[2013/10/28 08:07:26 | 2145,386,496 | -HS- | M] () -- D:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/10/04 11:36:43 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive D has no label.
Volume Serial Number is 14E1-8DA8
Directory of D:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/18/2013 09:56 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of D:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/18/2013 09:56 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of D:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/25/2013 09:58 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of D:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4
03/04/2013 12:02 PM <JUNCTION> v4.0_4.0.78.0__3ff6b78e2989595a
0 File(s) 0 bytes
Directory of D:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update
03/04/2013 12:02 PM <JUNCTION> v4.0_4.0.78.0__3ff6b78e2989595a
0 File(s) 0 bytes
Directory of D:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
10/25/2013 10:00 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
6 Dir(s) 204,303,994,880 bytes free

< %systemroot%\System32\config\*.sav >
[2011/10/04 07:25:23 | 000,094,208 | ---- | M] () -- D:\WINDOWS\System32\config\default.sav
[2011/10/04 07:25:23 | 001,089,536 | ---- | M] () -- D:\WINDOWS\System32\config\software.sav
[2011/10/04 07:25:23 | 000,942,080 | ---- | M] () -- D:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/10/04 11:37:05 | 000,000,294 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/12/06 15:59:33 | 000,000,060 | -HS- | M] () -- D:\Documents and Settings\Paddy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/12/06 15:59:33 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Paddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2013/10/28 08:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paddy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-26 02:00:24

< End of report >

Extras.txt
OTL Extras logfile created on: 10/28/2013 8:14:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Paddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 90.79% Memory free
4.84 Gb Paging File | 4.75 Gb Available in Paging File | 98.16% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 465.75 Gb Total Space | 395.95 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 190.27 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 2.56 Gb Free Space | 68.79% Space Free | Partition Type: FAT32

Computer Name: MUDDY | User Name: Paddy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "c:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "c:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Steam\SteamApps\common\Red Faction\RedFaction.exe" = D:\Program Files\Steam\SteamApps\common\Red Faction\RedFaction.exe:*:Enabled:Red Faction -- (Volition, Inc.)
"D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" = D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"D:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe" = D:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe:*:Enabled:Team Fortress 2 -- ()
"D:\Program Files\Steam\SteamApps\common\raceroom racing experience\Game\RRRE.exe" = D:\Program Files\Steam\SteamApps\common\raceroom racing experience\Game\RRRE.exe:*:Enabled:RaceRoom Racing Experience -- (Simbin Studios AB)
"D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AD770A-1530-437E-967F-ADD4E5B23164}" = CyberLink PowerDirector 11 Content Pack Essential
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37672760-7930-4911-9685-227E29AE2C55}" = CyberLink PowerDirector 11 Content Pack Premium
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46805428-E44F-4529-8008-867DD190D506}" = TurboTax 2012 wvaiper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DefaultTab" = DefaultTab
"EPSON Scan! II" = EPSON Scan! II
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow v1.2.4494 [2012-11-28]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{03AD770A-1530-437E-967F-ADD4E5B23164}" = CyberLink PowerDirector 11 Content Pack Essential
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"InstallShield_{37672760-7930-4911-9685-227E29AE2C55}" = CyberLink PowerDirector 11 Content Pack Premium
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSC" = McAfee Total Protection
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"SnagIt7" = SnagIt 7
"Steam App 20530" = Red Faction
"Steam App 211500" = RaceRoom Racing Experience
"Steam App 440" = Team Fortress 2
"TurboTax 2012" = TurboTax 2012
"VLC media player" = VLC media player 2.0.4
"Wajam" = Wajam

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2013 6:01:16 PM | Computer Name = MUDDY | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 3.1.181.0, faulting module
shell32.dll, version 6.0.2900.6242, fault address 0x00030f0e.

Error - 5/13/2013 11:02:16 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/13/2013 11:02:16 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/13/2013 11:02:16 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/13/2013 11:02:16 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/20/2013 11:12:10 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/20/2013 11:12:10 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/20/2013 11:12:10 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/20/2013 11:12:10 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/20/2013 11:15:08 AM | Computer Name = MUDDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 10/28/2013 8:09:09 AM | Computer Name = MUDDY | Source = Service Control Manager | ID = 7001
Description = The McAfee Home Network service depends on the McAfee Firewall Core
Service service which failed to start because of the following error: %%1068

Error - 10/28/2013 8:09:09 AM | Computer Name = MUDDY | Source = Service Control Manager | ID = 7001
Description = The McAfee Personal Firewall Service service depends on the McAfee
Firewall Core Service service which failed to start because of the following error:
%%1068

Error - 10/28/2013 8:09:09 AM | Computer Name = MUDDY | Source = Service Control Manager | ID = 7001
Description = The McAfee Proxy Service service depends on the McAfee Firewall Core
Service service which failed to start because of the following error: %%1068

Error - 10/28/2013 8:09:09 AM | Computer Name = MUDDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mfehidk mfetdi2k MOBKFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 10/28/2013 8:09:16 AM | Computer Name = MUDDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/28/2013 8:09:16 AM | Computer Name = MUDDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/28/2013 8:13:08 AM | Computer Name = MUDDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/28/2013 8:13:08 AM | Computer Name = MUDDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/28/2013 8:21:23 AM | Computer Name = MUDDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/28/2013 8:21:35 AM | Computer Name = MUDDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >



#2 jeffce


Posted 31 October 2013 - 05:22 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, with the loss of all your programs and data.
 
Having said that....   Let's get going!!
----------
 
Sorry for any delay.....since it has been a few days since your OTL log was posted, please do the following.....
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

 

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Please download TDSSKiller

 

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there. 
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool

Vista/Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 
 

#3 Shelby68GT500


Posted 01 November 2013 - 07:20 AM

Jeff, I can't thank you enough for taking the time to help me.  I've downloaded and run all the programs you mention above and have posted the reports below.  One thing I want to make sure you know is that I've done all of this by running in safe mode.  It is the only way I've been able to get the computer to boot, and I still get all kinds of characters patterned across the screen during the initial points of the boot process (when you have effectively a DOS screen).  But it does make it into safe mode.

I look forward to your response, and thank you again for your help.

 

Regards, Bob

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Administrator at 8:56:14 on 2013-11-01
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2783 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* 
.
============== Running Processes ================
.
D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - d:\documents and settings\paddy\local settings\application data\toparcadehits\Toparcadehits.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\program files\mcafee\siteadvisor\McIEPlg.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "d:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [mcpltui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [Nvtmru] "d:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - d:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353524644140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{EC33F931-3CDF-4D9B-80A0-6F6A1A87BDE7} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\program files\mcafee\msc\McSnIePl.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\program files\mcafee\siteadvisor\McIEPlg.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "d:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;d:\windows\system32\drivers\McPvDrv.sys [2012-11-25 66296]
R2 mcpltsvc;McAfee Platform Services;d:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S0 cerc6;cerc6; [x]
S0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2012-7-17 571608]
S1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2012-7-17 91736]
S1 MOBKFilter;MOBKFilter;d:\windows\system32\drivers\MOBK.sys [2012-11-25 54776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HomeNetSvc;McAfee Home Network;d:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;d:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 LANPkt;Realtek LANPkt Protocol Driver;d:\windows\system32\drivers\LANPkt.sys [2012-11-21 8960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-25 167784]
S2 McAPExe;McAfee AP Service;d:\program files\mcafee\msc\McAPExe.exe [2013-1-4 145088]
S2 McMPFSvc;McAfee Personal Firewall Service;d:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S2 McNaiAnn;McAfee VirusScan Announcer;d:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S2 McProxy;McAfee Proxy Service;d:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S2 mfecore;McAfee Anti-Malware Core;d:\program files\common files\mcafee\amcore\mcshield.exe [2013-1-4 638976]
S2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-4 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2012-11-25 172416]
S2 MOBKbackup;McAfee Online Backup;d:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
S3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2012-11-9 60920]
S3 Diag69xp;Diag69xp;d:\windows\system32\drivers\diag69xp.sys [2012-11-21 11264]
S3 HipShieldK;McAfee Inc. HipShieldK;d:\windows\system32\drivers\HipShieldK.sys [2012-11-25 147912]
S3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2012-11-9 235488]
S3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2012-11-9 65928]
S3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2012-11-9 365256]
S3 mfencbdc;McAfee Inc. mfencbdc;d:\windows\system32\drivers\mfencbdc.sys [2012-11-2 301248]
S3 mfencrk;McAfee Inc. mfencrk;d:\windows\system32\drivers\mfencrk.sys [2012-11-2 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2013-8-11 85064]
S3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2013-8-11 85064]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;d:\windows\system32\drivers\RTLVLAN.SYS [2012-11-21 16640]
S3 scsiscan;SCSI Scanner Driver;d:\windows\system32\drivers\scsiscan.sys [2012-11-24 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 PCPitstop Scheduling;PCPitstop Scheduling;d:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-11-27 85504]
.
=============== Created Last 30 ================
.
2013-11-01 12:55:15 -------- d-----w- d:\documents and settings\administrator\local settings\application data\McAfee File Lock
2013-11-01 12:55:06 -------- d-sh--w- d:\documents and settings\administrator\IETldCache
2013-10-25 16:35:11 -------- d-----w- d:\documents and settings\all users\application data\NVIDIA Corporation
2013-10-25 16:35:02 54272 ----a-w- d:\windows\system32\nvwddi.dll
2013-10-25 16:35:02 209184 ----a-w- d:\windows\system32\nvmctray.dll
2013-10-25 16:35:02 15709984 ----a-w- d:\windows\system32\nvcpl.dll
2013-10-25 16:35:02 156960 ----a-w- d:\windows\system32\nvsvc32.exe
2013-10-25 16:31:04 9457664 ----a-w- d:\windows\system32\nvopencl.dll
2013-10-25 16:31:04 893728 ----a-w- d:\windows\system32\nvdispgenco3233158.dll
2013-10-25 16:31:04 1049888 ----a-w- d:\windows\system32\nvdispco3233158.dll
2013-10-25 16:18:16 -------- d-----w- D:\NVIDIA
2013-10-18 03:19:54 -------- d-----w- d:\windows\system32\XPSViewer
2013-10-18 03:19:33 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-10-18 03:19:17 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-10-18 03:19:17 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-10-18 03:19:17 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-10-18 03:19:17 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2013-10-18 03:19:17 575488 ------w- d:\windows\system32\xpsshhdr.dll
2013-10-18 03:19:17 117760 ------w- d:\windows\system32\prntvpt.dll
2013-10-18 03:19:16 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2013-10-18 03:19:16 1676288 ------w- d:\windows\system32\xpssvcs.dll
.
==================== Find3M  ====================
.
2013-10-25 16:34:49 1125540 ----a-w- d:\windows\system32\nvdrsdb0.bin
2013-10-25 16:34:49 1 ----a-w- d:\windows\system32\nvdrssel.bin
2013-10-25 16:34:46 1125540 ----a-w- d:\windows\system32\nvdrsdb1.bin
2013-10-16 00:32:54 9498624 ----a-w- d:\windows\system32\nvcuda.dll
2013-10-16 00:32:54 4077440 ----a-w- d:\windows\system32\nv4_disp.dll
2013-10-16 00:32:54 2951968 ----a-w- d:\windows\system32\nvcuvid.dll
2013-10-16 00:32:54 2747168 ----a-w- d:\windows\system32\nvcuvenc.dll
2013-10-16 00:32:54 2631680 ----a-w- d:\windows\system32\nvapi.dll
2013-10-16 00:32:54 22171648 ----a-w- d:\windows\system32\nvoglnt.dll
2013-10-16 00:32:54 17551360 ----a-w- d:\windows\system32\nvcompiler.dll
2013-10-16 00:32:54 12627104 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2013-09-25 00:53:24 60920 ----a-w- d:\windows\system32\drivers\cfwids.sys
2013-09-25 00:49:04 172416 ----a-w- d:\windows\system32\mfevtps.exe
2013-09-25 00:48:34 91736 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2013-09-25 00:45:46 571608 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2013-09-25 00:44:46 85064 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2013-09-25 00:44:30 365256 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2013-09-25 00:44:00 65928 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2013-09-25 00:43:30 235488 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2013-09-25 00:42:44 133928 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
2013-09-23 18:33:58 920064 ----a-w- d:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- d:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- d:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- d:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- d:\windows\system32\html.iec
2013-09-23 17:48:38 147912 ----a-w- d:\windows\system32\drivers\HipShieldK.sys
2013-09-20 13:37:40 10152 ----a-w- d:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 13:37:24 80656 ----a-w- d:\windows\system32\drivers\mfencrk.sys
2013-09-20 13:37:10 301248 ----a-w- d:\windows\system32\drivers\mfencbdc.sys
2013-09-09 15:11:52 66296 ----a-w- d:\windows\system32\drivers\McPvDrv.sys
2013-08-29 01:31:44 1878656 ----a-w- d:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- d:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- d:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- d:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- d:\windows\system32\ole32.dll
.
============= FINISH:  8:56:49.00 ===============
 
08:58:10.0093 1776  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:58:10.0093 1776  ============================================================
08:58:10.0093 1776  Current date / time: 2013/11/01 08:58:10.0093
08:58:10.0093 1776  SystemInfo:
08:58:10.0093 1776  
08:58:10.0093 1776  OS Version: 5.1.2600 ServicePack: 3.0
08:58:10.0093 1776  Product type: Workstation
08:58:10.0093 1776  ComputerName: MUDDY
08:58:10.0093 1776  UserName: Administrator
08:58:10.0093 1776  Windows directory: D:\WINDOWS
08:58:10.0093 1776  System windows directory: D:\WINDOWS
08:58:10.0093 1776  Processor architecture: Intel x86
08:58:10.0093 1776  Number of processors: 2
08:58:10.0093 1776  Page size: 0x1000
08:58:10.0093 1776  Boot type: Safe boot
08:58:10.0093 1776  ============================================================
08:58:11.0640 1776  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:58:11.0640 1776  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:58:11.0671 1776  Drive \Device\Harddisk6\DR12 - Size: 0xEF100000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:58:11.0687 1776  ============================================================
08:58:11.0687 1776  \Device\Harddisk0\DR0:
08:58:11.0687 1776  MBR partitions:
08:58:11.0687 1776  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
08:58:11.0687 1776  \Device\Harddisk1\DR1:
08:58:11.0687 1776  MBR partitions:
08:58:11.0687 1776  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
08:58:11.0687 1776  \Device\Harddisk6\DR12:
08:58:11.0687 1776  MBR partitions:
08:58:11.0687 1776  \Device\Harddisk6\DR12\Partition1: MBR, Type 0xB, StartLBA 0x30, BlocksNum 0x7787D0
08:58:11.0687 1776  ============================================================
08:58:11.0718 1776  C: <-> \Device\Harddisk1\DR1\Partition1
08:58:11.0765 1776  D: <-> \Device\Harddisk0\DR0\Partition1
08:58:11.0765 1776  ============================================================
08:58:11.0765 1776  Initialize success
08:58:11.0765 1776  ============================================================
08:58:41.0156 1800  ============================================================
08:58:41.0156 1800  Scan started
08:58:41.0156 1800  Mode: Manual; 
08:58:41.0156 1800  ============================================================
08:58:42.0593 1800  ================ Scan system memory ========================
08:58:42.0593 1800  System memory - ok
08:58:42.0593 1800  ================ Scan services =============================
08:58:57.0171 1800  MOBKFilter - ok
08:58:57.0218 1800  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           D:\WINDOWS\system32\drivers\Modem.sys
08:58:57.0218 1800  Modem - ok
08:58:57.0265 1800  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        D:\WINDOWS\system32\DRIVERS\mouclass.sys
08:58:57.0265 1800  Mouclass - ok
08:58:57.0281 1800  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          D:\WINDOWS\system32\DRIVERS\mouhid.sys
08:58:57.0296 1800  mouhid - ok
08:58:57.0328 1800  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        D:\WINDOWS\system32\drivers\MountMgr.sys
08:58:57.0343 1800  MountMgr - ok
08:58:57.0343 1800  mraid35x - ok
08:58:57.0421 1800  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          D:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:58:57.0453 1800  MRxDAV - ok
08:58:57.0609 1800  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:58:57.0718 1800  MRxSmb - ok
08:58:57.0781 1800  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           D:\WINDOWS\system32\msdtc.exe
08:58:57.0781 1800  MSDTC - ok
08:58:57.0843 1800  [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV            D:\WINDOWS\system32\DRIVERS\msdv.sys
08:58:57.0859 1800  MSDV - ok
08:58:57.0875 1800  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            D:\WINDOWS\system32\drivers\Msfs.sys
08:58:57.0890 1800  Msfs - ok
08:58:57.0890 1800  MSIServer - ok
08:58:57.0984 1800  [ 5007E21208DA68F60EBF43352BDFE6D0 ] MSK80Service    D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
08:58:57.0984 1800  MSK80Service - ok
08:58:58.0031 1800  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         D:\WINDOWS\system32\drivers\MSKSSRV.sys
08:58:58.0031 1800  MSKSSRV - ok
08:58:58.0078 1800  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        D:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:58:58.0078 1800  MSPCLOCK - ok
08:58:58.0109 1800  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           D:\WINDOWS\system32\drivers\MSPQM.sys
08:58:58.0109 1800  MSPQM - ok
08:58:58.0125 1800  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        D:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:58:58.0140 1800  mssmbios - ok
08:58:58.0156 1800  [ 5C3F9BDF4DB23B75306388FC26A0A8E5 ] MSTAPE          D:\WINDOWS\system32\DRIVERS\mstape.sys
08:58:58.0171 1800  MSTAPE - ok
08:58:58.0203 1800  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           D:\WINDOWS\system32\drivers\MSTEE.sys
08:58:58.0203 1800  MSTEE - ok
08:58:58.0250 1800  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             D:\WINDOWS\system32\drivers\Mup.sys
08:58:58.0281 1800  Mup - ok
08:58:58.0328 1800  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:58:58.0343 1800  NABTSFEC - ok
08:58:58.0468 1800  [ 0102140028FAD045756796E1C685D695 ] napagent        D:\WINDOWS\System32\qagentrt.dll
08:58:58.0531 1800  napagent - ok
08:58:58.0593 1800  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            D:\WINDOWS\system32\drivers\NDIS.sys
08:58:58.0640 1800  NDIS - ok
08:58:58.0656 1800  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          D:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:58:58.0656 1800  NdisIP - ok
08:58:58.0671 1800  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        D:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:58:58.0671 1800  NdisTapi - ok
08:58:58.0687 1800  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         D:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:58:58.0687 1800  Ndisuio - ok
08:58:58.0718 1800  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         D:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:58:58.0750 1800  NdisWan - ok
08:58:58.0796 1800  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         D:\WINDOWS\system32\drivers\NDProxy.sys
08:58:58.0812 1800  NDProxy - ok
08:58:58.0828 1800  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         D:\WINDOWS\system32\DRIVERS\netbios.sys
08:58:58.0828 1800  NetBIOS - ok
08:58:58.0906 1800  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           D:\WINDOWS\system32\DRIVERS\netbt.sys
08:58:58.0953 1800  NetBT - ok
08:58:59.0000 1800  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          D:\WINDOWS\system32\netdde.exe
08:58:59.0031 1800  NetDDE - ok
08:58:59.0062 1800  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      D:\WINDOWS\system32\netdde.exe
08:58:59.0062 1800  NetDDEdsdm - ok
08:58:59.0109 1800  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        D:\WINDOWS\system32\lsass.exe
08:58:59.0109 1800  Netlogon - ok
08:58:59.0171 1800  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          D:\WINDOWS\System32\netman.dll
08:58:59.0218 1800  Netman - ok
08:58:59.0312 1800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:58:59.0343 1800  NetTcpPortSharing - ok
08:58:59.0390 1800  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         D:\WINDOWS\system32\DRIVERS\nic1394.sys
08:58:59.0406 1800  NIC1394 - ok
08:58:59.0500 1800  [ 943337D786A56729263071623BBB9DE5 ] Nla             D:\WINDOWS\System32\mswsock.dll
08:58:59.0562 1800  Nla - ok
08:58:59.0578 1800  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            D:\WINDOWS\system32\drivers\Npfs.sys
08:58:59.0578 1800  Npfs - ok
08:58:59.0734 1800  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            D:\WINDOWS\system32\drivers\Ntfs.sys
08:58:59.0875 1800  Ntfs - ok
08:58:59.0890 1800  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         D:\WINDOWS\system32\lsass.exe
08:58:59.0890 1800  NtLmSsp - ok
08:59:00.0015 1800  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         D:\WINDOWS\system32\ntmssvc.dll
08:59:00.0125 1800  NtmsSvc - ok
08:59:00.0156 1800  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            D:\WINDOWS\system32\drivers\Null.sys
08:59:00.0156 1800  Null - ok
08:59:03.0468 1800  [ D2F256F9879DDCE59EFA361CBDC34F96 ] nv              D:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:59:06.0671 1800  nv - ok
08:59:06.0765 1800  [ F6590528F487FA8BDC6F53D8DFA1F7D3 ] NVSvc           D:\WINDOWS\system32\nvsvc32.exe
08:59:06.0812 1800  NVSvc - ok
08:59:07.0500 1800  [ 3F7FDF38D5F9E59B7ADF1C9E90CAEB1F ] nvUpdatusService D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
08:59:08.0078 1800  nvUpdatusService - ok
08:59:08.0125 1800  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:59:08.0125 1800  NwlnkFlt - ok
08:59:08.0140 1800  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:59:08.0156 1800  NwlnkFwd - ok
08:59:08.0203 1800  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        D:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:59:08.0218 1800  ohci1394 - ok
08:59:08.0250 1800  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         D:\WINDOWS\system32\drivers\Parport.sys
08:59:08.0265 1800  Parport - ok
08:59:08.0281 1800  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         D:\WINDOWS\system32\drivers\PartMgr.sys
08:59:08.0281 1800  PartMgr - ok
08:59:08.0328 1800  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          D:\WINDOWS\system32\drivers\ParVdm.sys
08:59:08.0343 1800  ParVdm - ok
08:59:08.0375 1800  [ A219903CCF74233761D92BEF471A07B1 ] PCI             D:\WINDOWS\system32\DRIVERS\pci.sys
08:59:08.0390 1800  PCI - ok
08:59:08.0390 1800  PCIDump - ok
08:59:08.0406 1800  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          D:\WINDOWS\system32\DRIVERS\pciide.sys
08:59:08.0406 1800  PCIIde - ok
08:59:08.0468 1800  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          D:\WINDOWS\system32\drivers\Pcmcia.sys
08:59:08.0500 1800  Pcmcia - ok
08:59:08.0562 1800  [ FD2A66E8B1A3D1483A8F6CFA3C950B9B ] PCPitstop Scheduling D:\Program Files\PCPitstop\PCPitstopScheduleService.exe
08:59:08.0578 1800  PCPitstop Scheduling - ok
08:59:08.0593 1800  PDCOMP - ok
08:59:08.0609 1800  PDFRAME - ok
08:59:08.0609 1800  PDRELI - ok
08:59:08.0625 1800  PDRFRAME - ok
08:59:08.0640 1800  perc2 - ok
08:59:08.0656 1800  perc2hib - ok
08:59:08.0718 1800  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        D:\WINDOWS\system32\services.exe
08:59:08.0734 1800  PlugPlay - ok
08:59:08.0796 1800  [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 D:\WINDOWS\system32\HPZipm12.exe
08:59:08.0812 1800  Pml Driver HPZ12 - ok
08:59:08.0828 1800  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     D:\WINDOWS\system32\lsass.exe
08:59:08.0828 1800  PolicyAgent - ok
08:59:08.0859 1800  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    D:\WINDOWS\system32\DRIVERS\raspptp.sys
08:59:08.0875 1800  PptpMiniport - ok
08:59:08.0875 1800  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe
08:59:08.0875 1800  ProtectedStorage - ok
08:59:08.0906 1800  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          D:\WINDOWS\system32\DRIVERS\psched.sys
08:59:08.0921 1800  PSched - ok
08:59:08.0953 1800  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         D:\WINDOWS\system32\DRIVERS\ptilink.sys
08:59:08.0953 1800  Ptilink - ok
08:59:08.0953 1800  ql1080 - ok
08:59:08.0968 1800  Ql10wnt - ok
08:59:08.0984 1800  ql12160 - ok
08:59:08.0984 1800  ql1240 - ok
08:59:09.0000 1800  ql1280 - ok
08:59:09.0062 1800  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          D:\WINDOWS\system32\DRIVERS\rasacd.sys
08:59:09.0078 1800  RasAcd - ok
08:59:09.0125 1800  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         D:\WINDOWS\System32\rasauto.dll
08:59:09.0140 1800  RasAuto - ok
08:59:09.0187 1800  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:59:09.0203 1800  Rasl2tp - ok
08:59:09.0265 1800  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          D:\WINDOWS\System32\rasmans.dll
08:59:09.0312 1800  RasMan - ok
08:59:09.0328 1800  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        D:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:59:09.0343 1800  RasPppoe - ok
08:59:09.0359 1800  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          D:\WINDOWS\system32\DRIVERS\raspti.sys
08:59:09.0375 1800  Raspti - ok
08:59:09.0453 1800  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           D:\WINDOWS\system32\DRIVERS\rdbss.sys
08:59:09.0500 1800  Rdbss - ok
08:59:09.0531 1800  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:59:09.0531 1800  RDPCDD - ok
08:59:09.0625 1800  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           D:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:59:09.0671 1800  rdpdr - ok
08:59:09.0734 1800  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           D:\WINDOWS\system32\drivers\RDPWD.sys
08:59:09.0781 1800  RDPWD - ok
08:59:09.0843 1800  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       D:\WINDOWS\system32\sessmgr.exe
08:59:09.0875 1800  RDSessMgr - ok
08:59:09.0937 1800  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         D:\WINDOWS\system32\DRIVERS\redbook.sys
08:59:09.0953 1800  redbook - ok
08:59:10.0015 1800  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    D:\WINDOWS\System32\mprdim.dll
08:59:10.0031 1800  RemoteAccess - ok
08:59:10.0078 1800  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  D:\WINDOWS\system32\regsvc.dll
08:59:10.0093 1800  RemoteRegistry - ok
08:59:10.0250 1800  [ 9C675492B635CC1756AE4EAB3937552A ] RichVideo       D:\Program Files\Cyberlink\Shared files\RichVideo.exe
08:59:10.0312 1800  RichVideo - ok
08:59:10.0375 1800  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      D:\WINDOWS\system32\locator.exe
08:59:10.0406 1800  RpcLocator - ok
08:59:10.0531 1800  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           D:\WINDOWS\system32\rpcss.dll
08:59:10.0546 1800  RpcSs - ok
08:59:10.0593 1800  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            D:\WINDOWS\system32\rsvp.exe
08:59:10.0625 1800  RSVP - ok
08:59:10.0687 1800  [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp      D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:59:10.0718 1800  RTLE8023xp - ok
08:59:10.0765 1800  [ B9CA69921379EA2931C4450FE975BCE7 ] RTLVLAN         D:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
08:59:10.0765 1800  RTLVLAN - ok
08:59:10.0781 1800  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           D:\WINDOWS\system32\lsass.exe
08:59:10.0781 1800  SamSs - ok
08:59:10.0875 1800  [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port        D:\WINDOWS\system32\DRIVERS\sbp2port.sys
08:59:10.0890 1800  sbp2port - ok
08:59:10.0953 1800  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        D:\WINDOWS\System32\SCardSvr.exe
08:59:10.0968 1800  SCardSvr - ok
08:59:11.0062 1800  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        D:\WINDOWS\system32\schedsvc.dll
08:59:11.0109 1800  Schedule - ok
08:59:11.0156 1800  [ 089870DAB7AA277585C475AE09EE4C63 ] scsiscan        D:\WINDOWS\system32\DRIVERS\scsiscan.sys
08:59:11.0171 1800  scsiscan - ok
08:59:11.0187 1800  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          D:\WINDOWS\system32\DRIVERS\secdrv.sys
08:59:11.0203 1800  Secdrv - ok
08:59:11.0218 1800  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        D:\WINDOWS\System32\seclogon.dll
08:59:11.0218 1800  seclogon - ok
08:59:11.0234 1800  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            D:\WINDOWS\system32\sens.dll
08:59:11.0250 1800  SENS - ok
08:59:11.0296 1800  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          D:\WINDOWS\system32\drivers\Serial.sys
08:59:11.0312 1800  Serial - ok
08:59:11.0375 1800  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         D:\WINDOWS\system32\drivers\Sfloppy.sys
08:59:11.0375 1800  Sfloppy - ok
08:59:11.0531 1800  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    D:\WINDOWS\System32\ipnathlp.dll
08:59:11.0609 1800  SharedAccess - ok
08:59:11.0671 1800  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll
08:59:11.0671 1800  ShellHWDetection - ok
08:59:11.0671 1800  Simbad - ok
08:59:11.0703 1800  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            D:\WINDOWS\system32\DRIVERS\SLIP.sys
08:59:11.0718 1800  SLIP - ok
08:59:11.0734 1800  Sparrow - ok
08:59:11.0781 1800  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        D:\WINDOWS\system32\drivers\splitter.sys
08:59:11.0781 1800  splitter - ok
08:59:11.0859 1800  [ 60784F891563FB1B767F70117FC2428F ] Spooler         D:\WINDOWS\system32\spoolsv.exe
08:59:11.0875 1800  Spooler - ok
08:59:11.0890 1800  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              D:\WINDOWS\system32\DRIVERS\sr.sys
08:59:11.0906 1800  sr - ok
08:59:11.0968 1800  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       D:\WINDOWS\system32\srsvc.dll
08:59:12.0000 1800  srservice - ok
08:59:12.0109 1800  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             D:\WINDOWS\system32\DRIVERS\srv.sys
08:59:12.0203 1800  Srv - ok
08:59:12.0250 1800  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         D:\WINDOWS\System32\ssdpsrv.dll
08:59:12.0281 1800  SSDPSRV - ok
08:59:12.0484 1800  [ BC76D75A372BC02831A6A6AEA66510F8 ] Steam Client Service D:\Program Files\Common Files\Steam\SteamService.exe
08:59:12.0625 1800  Steam Client Service - ok
08:59:12.0734 1800  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          D:\WINDOWS\system32\wiaservc.dll
08:59:12.0828 1800  stisvc - ok
08:59:12.0828 1800  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        D:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:59:12.0843 1800  streamip - ok
08:59:12.0859 1800  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          D:\WINDOWS\system32\DRIVERS\swenum.sys
08:59:12.0859 1800  swenum - ok
08:59:12.0890 1800  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          D:\WINDOWS\system32\drivers\swmidi.sys
08:59:12.0906 1800  swmidi - ok
08:59:12.0906 1800  SwPrv - ok
08:59:12.0921 1800  symc810 - ok
08:59:12.0921 1800  symc8xx - ok
08:59:12.0937 1800  sym_hi - ok
08:59:12.0953 1800  sym_u3 - ok
08:59:12.0984 1800  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        D:\WINDOWS\system32\drivers\sysaudio.sys
08:59:13.0000 1800  sysaudio - ok
08:59:13.0046 1800  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       D:\WINDOWS\system32\smlogsvc.exe
08:59:13.0078 1800  SysmonLog - ok
08:59:13.0171 1800  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         D:\WINDOWS\System32\tapisrv.dll
08:59:13.0218 1800  TapiSrv - ok
08:59:13.0328 1800  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           D:\WINDOWS\system32\DRIVERS\tcpip.sys
08:59:13.0468 1800  Tcpip - ok
08:59:13.0500 1800  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          D:\WINDOWS\system32\drivers\TDPIPE.sys
08:59:13.0500 1800  TDPIPE - ok
08:59:13.0531 1800  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           D:\WINDOWS\system32\drivers\TDTCP.sys
08:59:13.0531 1800  TDTCP - ok
08:59:13.0546 1800  [ 88155247177638048422893737429D9E ] TermDD          D:\WINDOWS\system32\DRIVERS\termdd.sys
08:59:13.0562 1800  TermDD - ok
08:59:13.0671 1800  [ FF3477C03BE7201C294C35F684B3479F ] TermService     D:\WINDOWS\System32\termsrv.dll
08:59:13.0734 1800  TermService - ok
08:59:13.0781 1800  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          D:\WINDOWS\System32\shsvcs.dll
08:59:13.0781 1800  Themes - ok
08:59:13.0828 1800  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         D:\WINDOWS\system32\tlntsvr.exe
08:59:13.0859 1800  TlntSvr - ok
08:59:13.0859 1800  TosIde - ok
08:59:13.0890 1800  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          D:\WINDOWS\system32\trkwks.dll
08:59:13.0921 1800  TrkWks - ok
08:59:13.0953 1800  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            D:\WINDOWS\system32\drivers\Udfs.sys
08:59:13.0968 1800  Udfs - ok
08:59:13.0968 1800  ultra - ok
08:59:14.0093 1800  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          D:\WINDOWS\system32\DRIVERS\update.sys
08:59:14.0187 1800  Update - ok
08:59:14.0250 1800  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        D:\WINDOWS\System32\upnphost.dll
08:59:14.0296 1800  upnphost - ok
08:59:14.0312 1800  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             D:\WINDOWS\System32\ups.exe
08:59:14.0328 1800  UPS - ok
08:59:14.0375 1800  [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp         D:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:59:14.0390 1800  usbccgp - ok
08:59:14.0453 1800  [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         D:\WINDOWS\system32\DRIVERS\usbehci.sys
08:59:14.0453 1800  usbehci - ok
08:59:14.0500 1800  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          D:\WINDOWS\system32\DRIVERS\usbhub.sys
08:59:14.0515 1800  usbhub - ok
08:59:14.0562 1800  [ A717C8721046828520C9EDF31288FC00 ] usbprint        D:\WINDOWS\system32\DRIVERS\usbprint.sys
08:59:14.0562 1800  usbprint - ok
08:59:14.0609 1800  [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan         D:\WINDOWS\system32\DRIVERS\usbscan.sys
08:59:14.0625 1800  usbscan - ok
08:59:14.0687 1800  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:59:14.0687 1800  usbstor - ok
08:59:14.0703 1800  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         D:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:59:14.0718 1800  usbuhci - ok
08:59:14.0734 1800  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         D:\WINDOWS\System32\drivers\vga.sys
08:59:14.0734 1800  VgaSave - ok
08:59:14.0750 1800  ViaIde - ok
08:59:14.0812 1800  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         D:\WINDOWS\system32\drivers\VolSnap.sys
08:59:14.0828 1800  VolSnap - ok
08:59:14.0906 1800  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             D:\WINDOWS\System32\vssvc.exe
08:59:14.0984 1800  VSS - ok
08:59:15.0046 1800  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         D:\WINDOWS\system32\w32time.dll
08:59:15.0078 1800  W32Time - ok
08:59:15.0109 1800  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          D:\WINDOWS\system32\DRIVERS\wanarp.sys
08:59:15.0109 1800  Wanarp - ok
08:59:15.0125 1800  WDICA - ok
08:59:15.0156 1800  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          D:\WINDOWS\system32\drivers\wdmaud.sys
08:59:15.0187 1800  wdmaud - ok
08:59:15.0218 1800  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       D:\WINDOWS\System32\webclnt.dll
08:59:15.0234 1800  WebClient - ok
08:59:15.0406 1800  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         D:\WINDOWS\system32\wbem\WMIsvc.dll
08:59:15.0437 1800  winmgmt - ok
08:59:15.0546 1800  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        D:\WINDOWS\system32\mspmsnsv.dll
08:59:15.0562 1800  WmdmPmSN - ok
08:59:15.0750 1800  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             D:\WINDOWS\System32\advapi32.dll
08:59:15.0890 1800  Wmi - ok
08:59:15.0953 1800  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        D:\WINDOWS\system32\wbem\wmiapsrv.exe
08:59:15.0984 1800  WmiApSrv - ok
08:59:16.0281 1800  [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:59:16.0468 1800  WPFFontCache_v0400 - ok
08:59:16.0515 1800  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          D:\WINDOWS\system32\wscsvc.dll
08:59:16.0546 1800  wscsvc - ok
08:59:16.0593 1800  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:59:16.0609 1800  WSTCODEC - ok
08:59:16.0625 1800  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        D:\WINDOWS\system32\wuauserv.dll
08:59:16.0640 1800  wuauserv - ok
08:59:16.0781 1800  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          D:\WINDOWS\System32\wzcsvc.dll
08:59:16.0906 1800  WZCSVC - ok
08:59:16.0968 1800  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         D:\WINDOWS\System32\xmlprov.dll
08:59:17.0000 1800  xmlprov - ok
08:59:17.0015 1800  ================ Scan global ===============================
08:59:17.0062 1800  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] D:\WINDOWS\system32\basesrv.dll
08:59:17.0171 1800  [ 69AE2B2E6968C316536E5B10B9702E63 ] D:\WINDOWS\system32\winsrv.dll
08:59:17.0328 1800  [ 69AE2B2E6968C316536E5B10B9702E63 ] D:\WINDOWS\system32\winsrv.dll
08:59:17.0375 1800  [ 65DF52F5B8B6E9BBD183505225C37315 ] D:\WINDOWS\system32\services.exe
08:59:17.0375 1800  [Global] - ok
08:59:17.0375 1800  ================ Scan MBR ==================================
08:59:17.0421 1800  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:59:17.0437 1800  \Device\Harddisk0\DR0 - ok
08:59:17.0453 1800  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:59:17.0609 1800  \Device\Harddisk1\DR1 - ok
08:59:17.0625 1800  [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk6\DR12
08:59:17.0625 1800  \Device\Harddisk6\DR12 - ok
08:59:17.0625 1800  ================ Scan VBR ==================================
08:59:17.0625 1800  [ 49968B3A65A97814EE7A27C366621185 ] \Device\Harddisk0\DR0\Partition1
08:59:17.0640 1800  \Device\Harddisk0\DR0\Partition1 - ok
08:59:17.0640 1800  [ 38F8B23D2A2058A4D807AC546712E621 ] \Device\Harddisk1\DR1\Partition1
08:59:17.0640 1800  \Device\Harddisk1\DR1\Partition1 - ok
08:59:17.0656 1800  [ 4D40759CA5262CE58311FB02A408911F ] \Device\Harddisk6\DR12\Partition1
08:59:17.0656 1800  \Device\Harddisk6\DR12\Partition1 - ok
08:59:17.0671 1800  ============================================================
08:59:17.0671 1800  Scan finished
08:59:17.0671 1800  ============================================================
08:59:17.0687 1784  Detected object count: 0
08:59:17.0687 1784  Actual detected object count: 0
08:59:46.0265 1768  Deinitialize success
 
 
# AdwCleaner v3.010 - Report created 01/11/2013 at 09:01:04
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - MUDDY
# Running from : D:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : D:\END
Folder Found : D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found D:\Documents and Settings\Bob\Application Data\DefaultTab
Folder Found D:\Documents and Settings\Bob\Local Settings\Application Data\Wajam
Folder Found D:\Documents and Settings\Bob\Start Menu\Programs\Wajam
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [1859 octets] - [01/11/2013 09:01:04]
 
########## EOF - D:\AdwCleaner\AdwCleaner[R0].txt - [1919 octets] ##########
 
 


#4 Shelby68GT500


Posted 01 November 2013 - 07:22 AM

Jeff, sorry, forgot to add the Attach.txt file to the above... It is below...

 

Regards, Bob

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/4/2011 11:38:16 AM
System Uptime: 11/1/2013 8:53:32 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0J584C
Processor: Intel Pentium III Xeon processor | Socket 775 | 2992/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 395.957 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 190.293 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP260: 7/28/2013 10:56:28 PM - System Checkpoint
RP261: 7/30/2013 12:01:40 PM - System Checkpoint
RP262: 8/8/2013 12:30:29 PM - System Checkpoint
RP263: 8/9/2013 1:53:41 PM - System Checkpoint
RP264: 8/10/2013 6:54:11 PM - System Checkpoint
RP265: 8/12/2013 10:54:14 AM - System Checkpoint
RP266: 8/13/2013 5:39:53 PM - System Checkpoint
RP267: 8/14/2013 6:44:55 PM - System Checkpoint
RP268: 8/14/2013 11:14:13 PM - Software Distribution Service 3.0
RP269: 8/15/2013 7:04:16 PM - Installed Steam
RP270: 8/17/2013 10:43:12 AM - System Checkpoint
RP271: 8/18/2013 11:28:44 AM - System Checkpoint
RP272: 8/19/2013 12:05:41 PM - System Checkpoint
RP273: 8/22/2013 11:19:03 AM - System Checkpoint
RP274: 8/23/2013 2:51:36 PM - System Checkpoint
RP275: 8/24/2013 5:10:53 PM - System Checkpoint
RP276: 8/26/2013 10:52:09 AM - System Checkpoint
RP277: 8/27/2013 12:46:57 PM - System Checkpoint
RP278: 8/28/2013 2:13:01 PM - System Checkpoint
RP279: 8/28/2013 9:40:53 PM - Software Distribution Service 3.0
RP280: 8/30/2013 12:22:39 PM - System Checkpoint
RP281: 8/31/2013 5:00:23 PM - System Checkpoint
RP282: 9/3/2013 8:54:45 AM - System Checkpoint
RP283: 9/4/2013 6:44:37 PM - System Checkpoint
RP284: 9/6/2013 7:45:38 AM - System Checkpoint
RP285: 9/7/2013 3:14:26 PM - System Checkpoint
RP286: 9/8/2013 4:49:51 PM - System Checkpoint
RP287: 9/10/2013 1:17:15 PM - System Checkpoint
RP288: 9/11/2013 1:37:47 PM - System Checkpoint
RP289: 9/11/2013 9:39:36 PM - Software Distribution Service 3.0
RP290: 9/13/2013 12:15:28 PM - System Checkpoint
RP291: 9/14/2013 3:48:04 PM - System Checkpoint
RP292: 9/15/2013 7:41:04 PM - System Checkpoint
RP293: 9/16/2013 8:42:31 PM - System Checkpoint
RP294: 9/18/2013 8:01:10 AM - System Checkpoint
RP295: 9/19/2013 8:44:23 AM - System Checkpoint
RP296: 9/20/2013 9:58:45 AM - System Checkpoint
RP297: 9/21/2013 12:53:19 PM - System Checkpoint
RP298: 9/22/2013 1:36:01 PM - System Checkpoint
RP299: 9/23/2013 2:35:12 PM - System Checkpoint
RP300: 9/24/2013 2:40:48 PM - System Checkpoint
RP301: 9/25/2013 4:20:11 PM - System Checkpoint
RP302: 9/27/2013 6:39:42 PM - System Checkpoint
RP303: 9/28/2013 7:36:38 PM - System Checkpoint
RP304: 9/30/2013 8:48:19 AM - System Checkpoint
RP305: 10/1/2013 12:48:24 PM - System Checkpoint
RP306: 10/2/2013 3:10:48 PM - System Checkpoint
RP307: 10/3/2013 3:27:09 PM - System Checkpoint
RP308: 10/4/2013 5:24:16 PM - System Checkpoint
RP309: 10/6/2013 7:26:55 PM - System Checkpoint
RP310: 10/7/2013 8:31:43 PM - System Checkpoint
RP311: 10/9/2013 9:18:10 AM - System Checkpoint
RP312: 10/9/2013 9:24:18 PM - Software Distribution Service 3.0
RP313: 10/11/2013 8:55:30 AM - System Checkpoint
RP314: 10/13/2013 1:58:37 PM - System Checkpoint
RP315: 10/15/2013 1:52:32 PM - System Checkpoint
RP316: 10/16/2013 5:06:27 PM - System Checkpoint
RP317: 10/17/2013 9:50:23 PM - System Checkpoint
RP318: 10/17/2013 11:17:28 PM - Software Distribution Service 3.0
RP319: 10/18/2013 8:16:04 AM - Printer Driver Microsoft XPS Document Writer Installed
RP320: 10/18/2013 9:36:12 PM - Software Distribution Service 3.0
RP321: 10/21/2013 10:20:55 AM - System Checkpoint
RP322: 10/22/2013 11:23:00 AM - System Checkpoint
RP323: 10/23/2013 11:31:01 AM - System Checkpoint
RP324: 10/24/2013 12:07:48 PM - System Checkpoint
RP325: 10/25/2013 12:34:20 PM - Update to an unsigned driver
RP326: 10/25/2013 9:55:00 PM - Software Distribution Service 3.0
RP327: 10/27/2013 12:45:52 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
5500
5500_Help
5500Tour
5500Trb
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
AiO_Scan
AiOSoftware
Apple Application Support
Apple Software Update
BufferChm
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
CyberLink PowerDirector 11
CyberLink PowerDirector 11 Content Pack Essential
CyberLink PowerDirector 11 Content Pack Premium
CyberLink WaveEditor 2
DefaultTab
Dell Resource CD
Destinations
Diagnostics Utility
Director
DocProc
DocumentViewer
EPSON Scan
EPSON Scan! II
Fax
ffdshow v1.2.4494 [2012-11-28]
Free M4a to MP3 Converter 7.1
Google Chrome
Google Update Helper
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
InstantShare
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 25
Java Auto Updater
McAfee Online Backup
McAfee Total Protection
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Newblue Art Effects for PowerDirector
NVIDIA Control Panel 331.58
NVIDIA GeForce Experience 1.6.1.2
NVIDIA Graphics Driver 331.58
NVIDIA Install Application
NVIDIA nView 140.75
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Update 8.3.23
NVIDIA Update Components
OpenOffice.org 3.4.1
Overland
PC Pitstop Driver Alert2 2.0.0.0
PhotoGallery
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
RaceRoom Racing Experience 
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Red Faction
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shared C Run-time for x86
SkinsHP1
SmartSound Quicktracks 5
SnagIt 7
Steam
Team Fortress 2
TrayApp
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2012 wvaiper
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VLC media player 2.0.4
Wajam
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
10/28/2013 8:09:16 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/28/2013 8:09:09 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec mfehidk mfetdi2k MOBKFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Home Network service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/28/2013 8:09:09 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
10/28/2013 8:08:26 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/28/2013 8:08:25 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/28/2013 8:07:54 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/28/2013 8:07:54 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
10/27/2013 12:45:35 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/27/2013 12:45:35 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/26/2013 9:37:11 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
10/26/2013 9:22:04 AM, error: nv [108]  - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
10/26/2013 9:20:03 AM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/26/2013 9:20:03 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/25/2013 8:38:39 AM, error: Service Control Manager [7031]  - The McAfee Anti-Malware Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/25/2013 6:33:53 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Proxy Service service, but this action failed with the following error:  An instance of the service is already running.
10/25/2013 6:32:53 PM, error: Service Control Manager [7031]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/25/2013 12:39:56 PM, error: Service Control Manager [7005]  - The LoadUserProfile call failed with the following error:  The parameter is incorrect.
.
==== End Of File ===========================


#5 jeffce


Posted 01 November 2013 - 08:00 AM

Hi Bob,
 
For the time being if you need to run these tools in Safe Mode that is fine.   :)
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


RCUpdate1.png

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


 
 

#6 Shelby68GT500


Posted 01 November 2013 - 08:21 AM

Jeff,  Combo Fix made it as far as Stage 5 that I saw, before I got the blue screen of death.  Basic info from the BSOD is below. Computer sitting in that stage as we speak...

 

Regards, Bob

 

Plug and Play detected an error most likely caused by a faulty driver

Technical information:

***STOP:  0x000000CA (0x0000004, 0x8A818A88, 0x00000000, 0x00000000)

Beginning dump of physical memory

Physical memory dump complete

Contact your system administrator



#7 Shelby68GT500


Posted 01 November 2013 - 09:17 AM

Jeff, Attempted this again after realizing that I had booted into safe mode, not safe mode with networking as well as running the ComboFix from the thumbdrive versus the desktop.  The first time I tried this the microsoft recovery console wasn't installed due to no networking.  It did get installed this time around.  ComboFix just finished running and completed all 50 stages.  Log file posted below...

 

Thanks, Bob

 

ComboFix 13-11-01.01 - Administrator 11/01/2013  11:08:42.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2748 [GMT -4:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\All Users\Application Data\TEMP\{03AD770A-1530-437E-967F-ADD4E5B23164}\PostBuild.exe
d:\documents and settings\All Users\Application Data\TEMP\{03AD770A-1530-437E-967F-ADD4E5B23164}\Setup.exe
d:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
d:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe
d:\documents and settings\All Users\Application Data\TEMP\{37672760-7930-4911-9685-227E29AE2C55}\PostBuild.exe
d:\documents and settings\All Users\Application Data\TEMP\{37672760-7930-4911-9685-227E29AE2C55}\Setup.exe
d:\documents and settings\All Users\Application Data\TEMP\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}\PostBuild.exe
d:\documents and settings\All Users\Application Data\TEMP\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}\Setup.exe
d:\documents and settings\Bob\WINDOWS
d:\documents and settings\Paddy\Local Settings\Application Data\TopArcadeHits
d:\documents and settings\Paddy\Local Settings\Application Data\TopArcadeHits\tah.config
d:\documents and settings\Paddy\Local Settings\Application Data\TopArcadeHits\ToPArcadehits.dll
d:\documents and settings\Paddy\Local Settings\Application Data\TopArcadeHits\uninstaller.exe
d:\documents and settings\Paddy\Local Settings\Application Data\TopArcadeHits\updater.exe
d:\documents and settings\Paddy\WINDOWS
D:\END
d:\windows\Tasks\TopArcadeHits.job
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-01 to 2013-11-01  )))))))))))))))))))))))))))))))
.
.
2013-11-01 13:00 . 2013-11-01 13:01 -------- d-----w- D:\AdwCleaner
2013-11-01 12:54 . 2013-11-01 12:55 -------- d-----w- d:\documents and settings\Administrator
2013-10-25 16:36 . 2013-10-25 16:36 -------- d-----w- d:\program files\AGEIA Technologies
2013-10-25 16:35 . 2013-10-25 16:35 -------- d-----w- d:\documents and settings\UpdatusUser
2013-10-25 16:35 . 2013-10-25 16:37 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2013-10-25 16:35 . 2013-10-15 22:26 54272 ----a-w- d:\windows\system32\nvwddi.dll
2013-10-25 16:35 . 2013-10-15 22:26 156960 ----a-w- d:\windows\system32\nvsvc32.exe
2013-10-25 16:35 . 2013-10-15 22:26 15709984 ----a-w- d:\windows\system32\nvcpl.dll
2013-10-25 16:35 . 2013-10-15 22:26 209184 ----a-w- d:\windows\system32\nvmctray.dll
2013-10-25 16:31 . 2013-10-16 00:32 9457664 ----a-w- d:\windows\system32\nvopencl.dll
2013-10-25 16:31 . 2013-10-16 00:32 893728 ----a-w- d:\windows\system32\nvdispgenco3233158.dll
2013-10-25 16:31 . 2013-10-16 00:32 1049888 ----a-w- d:\windows\system32\nvdispco3233158.dll
2013-10-25 16:18 . 2013-10-25 16:18 -------- d-----w- D:\NVIDIA
2013-10-25 16:16 . 2013-10-25 16:35 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA
2013-10-18 03:19 . 2013-10-19 01:39 -------- d-----w- d:\windows\system32\XPSViewer
2013-10-18 03:19 . 2013-10-18 03:19 -------- d-----w- d:\program files\MSBuild
2013-10-18 03:19 . 2013-10-18 03:19 -------- d-----w- d:\program files\Reference Assemblies
2013-10-18 03:19 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-10-18 03:19 . 2008-07-06 12:06 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-10-18 03:19 . 2008-07-06 12:06 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2013-10-18 03:19 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\xpsshhdr.dll
2013-10-18 03:19 . 2008-07-06 12:06 117760 ------w- d:\windows\system32\prntvpt.dll
2013-10-18 03:19 . 2008-07-06 10:50 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-10-18 03:19 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-10-18 03:19 . 2008-07-06 12:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2013-10-18 03:19 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 00:32 . 2012-02-10 03:40 9498624 ----a-w- d:\windows\system32\nvcuda.dll
2013-10-16 00:32 . 2012-02-10 03:40 4077440 ----a-w- d:\windows\system32\nv4_disp.dll
2013-10-16 00:32 . 2012-02-10 03:40 2951968 ----a-w- d:\windows\system32\nvcuvid.dll
2013-10-16 00:32 . 2012-02-10 03:40 2747168 ----a-w- d:\windows\system32\nvcuvenc.dll
2013-10-16 00:32 . 2012-02-10 03:40 2631680 ----a-w- d:\windows\system32\nvapi.dll
2013-10-16 00:32 . 2012-02-10 03:40 22171648 ----a-w- d:\windows\system32\nvoglnt.dll
2013-10-16 00:32 . 2012-02-10 03:40 17551360 ----a-w- d:\windows\system32\nvcompiler.dll
2013-10-16 00:32 . 2012-02-10 03:40 12627104 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2013-09-25 00:53 . 2012-11-09 11:56 60920 ----a-w- d:\windows\system32\drivers\cfwids.sys
2013-09-25 00:49 . 2012-11-26 02:25 172416 ----a-w- d:\windows\system32\mfevtps.exe
2013-09-25 00:48 . 2012-07-17 20:09 91736 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2013-09-25 00:45 . 2012-07-17 20:07 571608 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2013-09-25 00:44 . 2013-08-11 16:55 85064 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2013-09-25 00:44 . 2012-11-09 11:50 365256 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2013-09-25 00:44 . 2012-11-09 11:50 65928 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2013-09-25 00:43 . 2012-11-09 11:49 235488 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2013-09-25 00:42 . 2012-11-09 11:49 133928 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
2013-09-23 18:33 . 2008-04-14 12:00 920064 ----a-w- d:\windows\system32\wininet.dll
2013-09-23 18:33 . 2008-04-14 12:00 43520 ------w- d:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2008-04-14 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2008-04-14 12:00 18944 ----a-w- d:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00 385024 ------w- d:\windows\system32\html.iec
2013-09-23 17:48 . 2012-11-26 02:33 147912 ----a-w- d:\windows\system32\drivers\HipShieldK.sys
2013-09-20 13:37 . 2012-11-02 06:46 10152 ----a-w- d:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 13:37 . 2012-11-02 06:46 80656 ----a-w- d:\windows\system32\drivers\mfencrk.sys
2013-09-20 13:37 . 2012-11-02 06:46 301248 ----a-w- d:\windows\system32\drivers\mfencbdc.sys
2013-09-09 15:11 . 2012-11-26 02:33 66296 ----a-w- d:\windows\system32\drivers\McPvDrv.sys
2013-08-29 01:31 . 2008-04-14 12:00 1878656 ----a-w- d:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- d:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00 144128 ----a-w- d:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2008-04-14 12:00 32384 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00 5376 ----a-w- d:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00 1289728 ----a-w- d:\windows\system32\ole32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- d:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- d:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- d:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"mcui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"mcpltui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2013-10-15 15709984]
"nwiz"="d:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-16 2602784]
"NvMediaCenter"="NvMCTray.dll" [2013-10-15 209184]
"Nvtmru"="d:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-09-19 1028896]
.
d:\documents and settings\Paddy\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2004-5-29 53248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\Red Faction\\RedFaction.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\raceroom racing experience\\Game\\RRRE.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 McPvDrv;McPvDrv Driver;d:\windows\system32\drivers\McPvDrv.sys [11/25/2012 10:33 PM 66296]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [7/17/2012 4:09 PM 91736]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 2:11 PM 281560]
R2 mcpltsvc;McAfee Platform Services;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 2:11 PM 281560]
R2 mfefire;McAfee Firewall Core Service;d:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/4/2013 2:11 PM 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [11/25/2012 10:25 PM 172416]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [11/9/2012 7:56 AM 60920]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [11/9/2012 7:50 AM 365256]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [8/11/2013 12:55 PM 85064]
S0 cerc6;cerc6; [x]
S1 MOBKFilter;MOBKFilter;d:\windows\system32\drivers\MOBK.sys [11/25/2012 10:33 PM 54776]
S2 HomeNetSvc;McAfee Home Network;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 2:11 PM 281560]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;d:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
S2 LANPkt;Realtek LANPkt Protocol Driver;d:\windows\system32\drivers\LANPkt.sys [11/21/2012 2:43 PM 8960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/25/2012 10:32 PM 167784]
S2 McAPExe;McAfee AP Service;d:\program files\McAfee\MSC\McAPExe.exe [1/4/2013 2:12 PM 145088]
S2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 2:11 PM 281560]
S2 mfecore;McAfee Anti-Malware Core;d:\program files\Common Files\Mcafee\AMCore\mcshield.exe [1/4/2013 2:12 PM 638976]
S2 MOBKbackup;McAfee Online Backup;d:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 9:11 PM 229688]
S3 Diag69xp;Diag69xp;d:\windows\system32\drivers\diag69xp.sys [11/21/2012 2:43 PM 11264]
S3 HipShieldK;McAfee Inc. HipShieldK;d:\windows\system32\drivers\HipShieldK.sys [11/25/2012 10:33 PM 147912]
S3 mfencbdc;McAfee Inc. mfencbdc;d:\windows\system32\drivers\mfencbdc.sys [11/2/2012 2:46 AM 301248]
S3 mfencrk;McAfee Inc. mfencrk;d:\windows\system32\drivers\mfencrk.sys [11/2/2012 2:46 AM 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [8/11/2013 12:55 PM 85064]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;d:\windows\system32\drivers\RTLVLAN.SYS [11/21/2012 2:43 PM 16640]
S3 scsiscan;SCSI Scanner Driver;d:\windows\system32\drivers\scsiscan.sys [11/24/2012 6:47 PM 11520]
S4 PCPitstop Scheduling;PCPitstop Scheduling;d:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2012 8:29 PM 85504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:38 1185744 ----a-w- d:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-28 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 20:41]
.
2013-08-15 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-10-27 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 15:03]
.
2013-10-26 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 15:03]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Wajam - d:\program files\Wajam\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-01 11:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
d:\windows\system32\msv1_0.dll
.
Completion time: 2013-11-01  11:15:47
ComboFix-quarantined-files.txt  2013-11-01 15:15
.
Pre-Run: 204,251,254,784 bytes free
Post-Run: 204,601,995,264 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 14251CB50F31088BF4997592FAE7EA4D
8F558EB6672622401DA993E1E865C861


#8 jeffce


Posted 01 November 2013 - 08:02 PM

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new log and also let me know how your system is running now.   :)



#9 Shelby68GT500


Posted 01 November 2013 - 08:24 PM

Jeff,  Ok, scanned and cleaned with no issues, but upon reboot (not safe mode), I still had all the corrupted characters and then the windows splash screen came up, then just went to a black screen with nothing.  Had to hold down the power button to bring it back up, but still would only fully boot in safe mode.  Still also having lots of artifacting in the safe mode screen as well.

Last cleaner log below..  Thanks again for your help...

 

Regards, Bob

 

# AdwCleaner v3.010 - Report created 01/11/2013 at 22:13:55
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - MUDDY
# Running from : D:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : D:\Documents and Settings\Bob\Local Settings\Application Data\Wajam
Folder Deleted : D:\Documents and Settings\Bob\Application Data\DefaultTab
Folder Deleted : D:\Documents and Settings\Bob\Start Menu\Programs\Wajam
Folder Deleted : D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [3786 octets] - [01/11/2013 09:01:04]
AdwCleaner[S0].txt - [1742 octets] - [01/11/2013 22:13:55]
 
########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [1802 octets] ##########


#10 jeffce


Posted 02 November 2013 - 10:02 AM

Just out of curiosity, how long have you had this particular operating system on the computer....I mean without reinstalling or anything?

 

=============================

 

Go ahead and run a new scan this time with OTL and post the new OTL.txt log.  




#11 Shelby68GT500


Posted 02 November 2013 - 10:47 AM

Jeff,  This was a clean install about 20 months ago.  I've pulled the cover and vacuumed out the inside, cleaning up the heat sinks for the CPU and also the fan assys.  I also removed the video card and cleaned that up and reinstalled.  This video card has 2 DVI ports on it, so I figured that I'd try the 2nd port to see if some of this problem is with the video port.  The computer booted up just fine using the 2nd DVI port on the video card and with no artifacting at all.  It seems to be running fine at this point, but will repost again later if I run across anything.  Ran the OTL again and the log is below.  Can you tell me if you found anything from all the scans that we've done?

Thank you again for all of your assistance!

Bob

 

OTL logfile created on: 11/2/2013 12:39:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents and Settings\Bob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 71.90% Memory free
4.84 Gb Paging File | 4.06 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 465.75 Gb Total Space | 395.99 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 190.04 Gb Free Space | 63.76% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 2.56 Gb Free Space | 68.56% Space Free | Partition Type: FAT32
 
Computer Name: MUDDY | User Name: Bob | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - D:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - D:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
PRC - d:\Program Files\McAfee\VirusScan\McVsShld.exe (McAfee, Inc.)
PRC - D:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - D:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Program Files\NVIDIA Corporation\nview\nvShell.dll ()
MOD - d:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eb65db0e\mscorlib.dll ()
MOD - d:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2981c1b9\system.drawing.dll ()
MOD - d:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f8922d30\system.xml.dll ()
MOD - d:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c16dc11d\system.windows.forms.dll ()
MOD - d:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_d724ad5e\system.dll ()
MOD - d:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - d:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - d:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - d:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - d:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - d:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll ()
MOD - d:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll ()
MOD - d:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - d:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - d:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll ()
MOD - d:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - d:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll ()
MOD - d:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - d:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll ()
MOD - d:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - d:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - d:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - d:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - d:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll ()
MOD - d:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - d:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - d:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll ()
MOD - d:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - d:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll ()
MOD - d:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll ()
MOD - d:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll ()
MOD - d:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - d:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll ()
MOD - d:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - D:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (nvUpdatusService) -- D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (mfevtp) -- D:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- D:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAPExe) -- D:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- D:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (McODS) -- D:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (0076631383409549mcinstcleanup) -- D:\WINDOWS\temp\0076631383409549mcinst.exe (McAfee, Inc.)
SRV - (MSK80Service) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IntuitUpdateServiceV4) -- D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MOBKbackup) -- D:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (PCPitstop Scheduling) -- D:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (WmiApRpl) -- D:\WINDOWS\system32\wbem\wmiaprpl.dll (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- D:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (catchme) -- D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (cfwids) -- D:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- D:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- D:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- D:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- D:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- D:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- D:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- D:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (mfencrk) -- D:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- D:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (McPvDrv) -- D:\WINDOWS\system32\drivers\McPvDrv.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- D:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (WmiApRpl) -- D:\WINDOWS\system32\wbem\wmiaprpl.dll (Microsoft Corporation)
DRV - (MSTAPE) -- D:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- D:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (scsiscan) -- D:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)
DRV - (RTLE8023xp) -- D:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Diag69xp) -- D:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- D:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- D:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (ICAM3NT5) -- D:\WINDOWS\system32\drivers\Icam3.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{47A309B5-FE29-45EE-91B3-3F59E3FCC545}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: D:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: D:\Program Files\McAfee\SiteAdvisor [2013/10/04 14:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: D:\Program Files\McAfee\MSK [2013/11/02 12:25:55 | 000,000,000 | ---D | M]
 
[2013/08/15 18:51:55 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://us.yhs4.searc...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = D:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: YouTube = D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0\
CHR - Extension: TopArcadeHits = D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Chrome In-App Payments service = D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = D:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/01 11:14:31 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcpltui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\Bob\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1353524644140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC33F931-3CDF-4D9B-80A0-6F6A1A87BDE7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - d:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/04 10:54:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/02 12:38:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Bob\Desktop\OTL.exe
[2013/11/02 12:35:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Bob\Local Settings\Application Data\NVIDIA
[2013/11/02 12:34:08 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2013/11/02 12:24:27 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood
[2013/11/01 11:15:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\temp
[2013/11/01 11:04:10 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2013/11/01 10:06:25 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2013/11/01 10:06:25 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2013/11/01 10:06:25 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2013/11/01 10:06:25 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2013/11/01 10:06:18 | 000,000,000 | ---D | C] -- D:\Qoobox
[2013/11/01 10:05:59 | 000,000,000 | ---D | C] -- D:\WINDOWS\erdnt
[2013/11/01 09:00:57 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2013/10/25 12:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/10/25 12:36:04 | 000,000,000 | ---D | C] -- D:\Program Files\AGEIA Technologies
[2013/10/25 12:35:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/10/25 12:35:02 | 015,709,984 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2013/10/25 12:35:02 | 000,209,184 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2013/10/25 12:35:02 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2013/10/25 12:31:04 | 009,457,664 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2013/10/25 12:31:04 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco3233158.dll
[2013/10/25 12:31:04 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco3233158.dll
[2013/10/25 12:18:16 | 000,000,000 | ---D | C] -- D:\NVIDIA
[2013/10/25 12:16:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/10/17 23:19:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
[2013/10/17 23:19:50 | 000,000,000 | ---D | C] -- D:\Program Files\MSBuild
[2013/10/17 23:19:44 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
[2013/10/17 23:19:17 | 000,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll
[2013/10/17 23:19:16 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/02 12:38:50 | 000,000,880 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 12:36:59 | 000,001,006 | ---- | M] () -- D:\WINDOWS\System32\nvAppTimestamps
[2013/11/02 12:34:46 | 000,000,876 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/02 12:27:34 | 000,503,068 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2013/11/02 12:27:34 | 000,088,466 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2013/11/02 12:12:48 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013/11/02 12:12:25 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013/11/01 11:14:31 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2013/10/28 08:05:00 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/28 08:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Bob\Desktop\OTL.exe
[2013/10/25 15:06:46 | 000,020,257 | ---- | M] () -- D:\Documents and Settings\Bob\My Documents\Medical Assistant.odt
[2013/10/25 12:34:49 | 001,125,540 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2013/10/25 12:34:49 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2013/10/25 12:34:46 | 001,125,540 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2013/10/18 08:15:36 | 000,138,848 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/15 20:32:54 | 022,171,648 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvoglnt.dll
[2013/10/15 20:32:54 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcompiler.dll
[2013/10/15 20:32:54 | 009,498,624 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuda.dll
[2013/10/15 20:32:54 | 009,457,664 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2013/10/15 20:32:54 | 004,077,440 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nv4_disp.dll
[2013/10/15 20:32:54 | 003,555,144 | ---- | M] () -- D:\WINDOWS\System32\nvdata.data
[2013/10/15 20:32:54 | 002,951,968 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvid.dll
[2013/10/15 20:32:54 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvenc.dll
[2013/10/15 20:32:54 | 002,631,680 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvapi.dll
[2013/10/15 20:32:54 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco3233158.dll
[2013/10/15 20:32:54 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco3233158.dll
[2013/10/15 20:32:54 | 000,018,598 | ---- | M] () -- D:\WINDOWS\System32\nvinfo.pb
[2013/10/15 18:26:39 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2013/10/15 18:26:37 | 015,709,984 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2013/10/15 18:26:36 | 000,209,184 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2013/10/09 21:33:34 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2013/10/06 09:30:26 | 000,021,504 | ---- | M] () -- D:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/01 10:06:25 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2013/11/01 10:06:25 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2013/11/01 10:06:25 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2013/11/01 10:06:25 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2013/11/01 10:06:25 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2013/10/25 14:39:42 | 000,001,006 | ---- | C] () -- D:\WINDOWS\System32\nvAppTimestamps
[2013/10/25 11:28:34 | 000,020,257 | ---- | C] () -- D:\Documents and Settings\Bob\My Documents\Medical Assistant.odt
[2013/03/04 12:02:35 | 000,000,590 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/11 15:32:48 | 000,004,142 | ---- | C] () -- D:\WINDOWS\estwn323.ini
[2013/01/11 15:09:21 | 000,000,021 | ---- | C] () -- D:\WINDOWS\Epscan2.INI
[2012/12/02 17:59:03 | 000,000,126 | ---- | C] () -- D:\Documents and Settings\Bob\Local Settings\Application Data\fusioncache.dat
[2012/12/01 13:45:42 | 000,104,194 | ---- | C] () -- D:\WINDOWS\hpoins04.dat
[2012/12/01 13:45:42 | 000,017,176 | ---- | C] () -- D:\WINDOWS\hpomdl04.dat
[2012/11/29 15:02:18 | 000,112,640 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2012/11/25 10:42:47 | 000,021,504 | ---- | C] () -- D:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/21 15:13:45 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/11/21 14:52:57 | 001,125,540 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/21 14:52:57 | 001,125,540 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/21 14:52:57 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2012/11/21 14:41:08 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2012/11/21 14:31:32 | 000,876,544 | ---- | C] () -- D:\WINDOWS\System32\TEACico2.dll
[2012/02/09 23:40:00 | 003,555,144 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
 
========== ZeroAccess Check ==========
 
[2012/11/27 21:51:26 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 16:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#12 jeffce

Posted 02 November 2013 - 01:08 PM

Hi,

 

Ok thanks for letting me know.  Go ahead and run it for a while and see how it is going and then let me know later.  If all is good we can remove our tools.  :)



#13 Shelby68GT500

Posted 02 November 2013 - 01:20 PM

Jeff, will do. It still seems to be running fine currently and my son has been on there running Steam and Minecraft for over an hour now. Did you find any malware from the scans that we ran though? I'll keep you apprised and thank you again for your help!

 

Regards, Bob



#14 jeffce

Posted 03 November 2013 - 07:06 AM

Sounds great!! Let's check for anything else that might be hiding in there before you go. :)

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

-------------------

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------



#15 Shelby68GT500

Posted 04 November 2013 - 10:35 AM

Jeff, well, it ran fine for about 1 day, then back to all the same symptoms again. I can now only start the computer in safe mode again. I did replace the DVI cable, just in case it might have been causing some of these issues, but the new cable does not change anything. I have run the JRT, Malwarebytes and the ESET scanner and have pasted the results below. I could not run the Malwarebytes as administrator in safe mode though. Upon reboot (normal) from Malwarebytes, the computer black-screened and I had to bring it back up in safe mode again. Once in safe mode, after a few minutes, my screen all of a sudden just changed to a much lower resolution (i.e. 640x480), but I was able to get onto the ESET site for its scan. I still have ESET open currently to the page of all the threats. I look forward to hearing from you and thanks again for your help.

 

Regards, Bob

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Paddy on Mon 11/04/2013 at  9:34:29.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "D:\Documents and Settings\Paddy\start menu\programs\toparcadehits"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/04/2013 at  9:36:29.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.04.05
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Paddy :: MUDDY [administrator]
 
11/4/2013 9:39:32 AM
mbam-log-2013-11-04 (09-39-32).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277020
Time elapsed: 7 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 11
D:\Documents and Settings\Bob\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\ct3298573 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 32
D:\Documents and Settings\Bob\Local Settings\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\ct3298573\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\ct3298573\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\ct3298573\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\nswBE.tmp\13\wajam_ch_7102013.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\AK0GO619\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CM1WKKGT\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\M3UC63A3\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\MQJ75HIR\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Application Data\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\ct3298573\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bob\Local Settings\Temp\ct3298573\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
ESET Scan:
 
C:\Downloads\cbsidlm-tr1_14-Steam-SEO-97526.exe Win32/DownloadAdmin.G application
C:\Downloads\playalotgames_d146490.exe a variant of Win32/InstallIQ.A application
C:\Software\AVStoDVD_251_Install.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Software\dvdburning_d165404.exe a variant of Win32/InstallIQ.A application
C:\Software\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\AdwCleaner\Quarantine\D\Documents and Settings\Bob\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.A application
D:\AdwCleaner\Quarantine\D\Documents and Settings\Bob\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe.vir Win32/Toolbar.DefaultTab.A application
D:\AdwCleaner\Quarantine\D\Documents and Settings\Bob\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.A application
D:\AdwCleaner\Quarantine\D\Documents and Settings\Bob\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir Win32/Toolbar.DefaultTab.A application
D:\AdwCleaner\Quarantine\D\Documents and Settings\Bob\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir Win64/Toolbar.DefaultTab.A application
D:\AdwCleaner\Quarantine\D\Documents and Settings\Bob\Application Data\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application
D:\Documents and Settings\Bob\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
D:\Software\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\System Volume Information\_restore{0057B4D1-9638-4B91-BCBB-696F88877159}\RP327\A0062533.dll Win32/Toolbar.DefaultTab.A application
D:\System Volume Information\_restore{0057B4D1-9638-4B91-BCBB-696F88877159}\RP327\A0062534.exe Win32/Toolbar.DefaultTab.A application
D:\System Volume Information\_restore{0057B4D1-9638-4B91-BCBB-696F88877159}\RP327\A0062535.exe Win64/Toolbar.DefaultTab.A application
D:\System Volume Information\_restore{0057B4D1-9638-4B91-BCBB-696F88877159}\RP327\A0062537.dll Win32/Toolbar.DefaultTab.A application
D:\System Volume Information\_restore{0057B4D1-9638-4B91-BCBB-696F88877159}\RP327\A0062538.dll Win64/Toolbar.DefaultTab.A application
D:\System Volume Information\_restore{0057B4D1-9638-4B91-BCBB-696F88877159}\RP327\A0062540.exe Win32/Toolbar.DefaultTab.A application
 
 
