
I have been trying to remove this virus without having to pay a further £60 to either Norton or McAfee. I have run GMER and DDS scans as well as running Malwarebytes anti-malware. All the details are attached. I have followed the instructions on various web pages but nothing seems to work. I cannot even find a HOST directory in C:\Windows\System32\drivers\etc to check if there are any modified entries below 127.0.0.1 localhost.

Please help


EDIT by jholland1964
We prefer that logs be copy/pasted and not attached. This saves helpers from possibly opening files containing infections.


We would prefer that logs be copy/pasted and not attached. Have done this with your attached logs and removed the attachments.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Adrian at 18:11:07.71 on 18/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1661 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DriverHive\DriverHiveTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Adrian\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101127105800.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_SB4.tmp" /EF "HKLM"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus DX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_S6C.tmp" /EF "HKLM"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [DriverHiveTray] c:\program files\driverhive\DriverHiveTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adrian\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adrian\applic~1\mozilla\firefox\profiles\umdc79jm.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-10-14 3026]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-27 84072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-27 141792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2007-3-22 15840]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-27 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-27 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-27 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-27 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-27 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-27 84264]
S2 gupdate1c9b9d3a7644858;Google Update Service (gupdate1c9b9d3a7644858);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 bfastfao;bfastfao;\??\c:\docume~1\alex\locals~1\temp\bfastfao.sys --> c:\docume~1\alex\locals~1\temp\bfastfao.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\adrian\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\adrian\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-27 88544]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-11-25 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-11-25 51840]

=============== Created Last 30 ================

2010-12-17 20:37:14 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{8985c3ad-a2b5-46cf-8381-6c4070569962}\mpengine.dll
2010-12-17 20:37:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-17 20:29:07 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-17 19:18:23 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-12-17 18:55:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\BSD
2010-12-17 18:55:30 -------- d-----w- c:\docume~1\adrian\applic~1\BSD
2010-12-17 18:55:11 2226176 ----a-w- c:\windows\bsdsetup.dll
2010-12-17 18:55:11 -------- d-----w- c:\program files\DriverHive
2010-12-17 18:47:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-17 18:35:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-17 18:34:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-17 18:32:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-16 19:30:10 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 19:27:05 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 13:55:06 -------- d-----w- C:\DeusEx
2010-12-11 21:07:25 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 21:07:25 126976 ----a-w- c:\windows\War3Unin.exe
2010-12-11 20:48:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-11 20:48:14 -------- d-----w- c:\docume~1\adrian\applic~1\DAEMON Tools Lite
2010-12-11 18:48:51 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-11 18:48:49 -------- d-----w- c:\program files\World of Warcraft
2010-12-11 18:47:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-12-01 22:28:31 -------- d-----w- c:\docume~1\adrian\applic~1\Malwarebytes
2010-12-01 22:28:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 22:28:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-01 22:28:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 22:28:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 22:18:48 -------- d-----w- c:\program files\Karen's Power Tools
2010-11-29 22:18:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2010-11-28 19:52:08 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
2010-11-28 19:51:40 -------- d-----w- c:\docume~1\adrian\locals~1\applic~1\PackageAware
2010-11-28 15:43:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Percussion Kit
2010-11-28 15:43:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Organs
2010-11-28 15:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Multipressor
2010-11-27 18:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-11-27 18:19:15 -------- d-----w- c:\program files\Citrix
2010-11-27 18:19:05 -------- d-----w- c:\docume~1\adrian\locals~1\applic~1\Citrix
2010-11-27 18:12:25 -------- d-----w- c:\docume~1\adrian\applic~1\McAfee
2010-11-27 12:57:18 -------- d-----w- c:\program files\Support Tools
2010-11-27 10:58:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-11-27 10:57:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-27 10:57:45 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-27 10:57:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-27 10:57:45 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-27 10:57:45 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-27 10:57:45 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-27 10:57:45 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-27 10:57:45 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-27 10:57:36 -------- d-----w- c:\program files\common files\Mcafee
2010-11-27 10:57:34 -------- d-----w- c:\program files\McAfee.com
2010-11-27 10:57:23 -------- d-----w- c:\program files\McAfee
2010-11-27 10:36:40 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-12-13 18:02:38 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-13 18:02:38 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-13 18:02:38 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-28 15:39:12 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 11:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 18:13:03.12 ===============

*********

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 03/04/2007 19:25:57
System Uptime: 17/12/2010 11:32:47 (31 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2009/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 61.978 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ASUS 802.11b/g Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_130F1043&REV_01\4&2BE4B97F&0&3030
Manufacturer: ASUSTeK Computer Inc.
Name: ASUS 802.11b/g Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_130F1043&REV_01\4&2BE4B97F&0&3030
Service: RT2500

==== System Restore Points ===================

RP678: 23/09/2010 19:44:13 - System Checkpoint
RP679: 24/09/2010 20:58:58 - System Checkpoint
RP680: 26/09/2010 15:35:55 - System Checkpoint
RP681: 27/09/2010 21:37:57 - Software Distribution Service 3.0
RP682: 27/09/2010 22:07:38 - Software Distribution Service 3.0
RP683: 02/10/2010 09:25:23 - Software Distribution Service 3.0
RP684: 02/10/2010 11:17:09 - VRQTool v5.0.2.10
RP685: 03/10/2010 17:57:50 - System Checkpoint
RP686: 04/10/2010 21:08:18 - System Checkpoint
RP687: 06/10/2010 20:24:02 - System Checkpoint
RP688: 07/10/2010 20:38:46 - System Checkpoint
RP689: 08/10/2010 00:27:26 - Software Distribution Service 3.0
RP690: 09/10/2010 13:03:38 - Removed Adobe Reader 8.2.4
RP691: 09/10/2010 13:04:57 - Installed Adobe Reader 9.4.0.
RP692: 09/10/2010 13:07:37 - Made by Norton Utilities O
RP693: 09/10/2010 16:03:15 - Unsigned driver install
RP694: 09/10/2010 17:56:01 - Restore Operation
RP695: 09/10/2010 17:56:33 - Unsigned driver install
RP696: 09/10/2010 18:01:17 - Restore Operation
RP697: 09/10/2010 18:07:02 - Unsigned driver install
RP698: 09/10/2010 18:43:34 - Unsigned driver install
RP699: 10/10/2010 16:44:50 - Update to an unsigned driver
RP700: 10/10/2010 17:00:07 - Update to an unsigned driver
RP701: 10/10/2010 22:45:16 - Made by Norton Utilities O
RP702: 10/10/2010 22:52:10 - Installed EPSON EasyPrintModule
RP703: 10/10/2010 22:52:46 - Installed Adobe ICC Profile Setup
RP704: 10/10/2010 22:53:26 - Configured EPSON Easy Photo Print
RP705: 10/10/2010 22:54:38 - Installed InstallShield Restore Point
RP706: 10/10/2010 22:55:54 - Configured EPSON Attach To Email
RP707: 10/10/2010 22:56:27 - Installed EPSON Image Clip Palette
RP708: 10/10/2010 22:57:05 - Installed EPSON Scan Assistant
RP709: 10/10/2010 22:57:29 - Configured EPSON File Manager
RP710: 10/10/2010 23:17:45 - Unsigned printer driver EPSON Stylus DX4800 Series installed.
RP711: 11/10/2010 07:36:50 - Unsigned driver install
RP712: 11/10/2010 08:09:29 - Installed EPSON EasyPrintModule
RP713: 11/10/2010 08:10:20 - Installed Adobe ICC Profile Setup
RP714: 11/10/2010 08:11:43 - Configured EPSON Easy Photo Print
RP715: 11/10/2010 08:12:06 - Installed InstallShield Restore Point
RP716: 11/10/2010 08:13:22 - Configured EPSON Attach To Email
RP717: 11/10/2010 08:14:16 - Configured EPSON File Manager
RP718: 12/10/2010 20:19:52 - System Checkpoint
RP719: 13/10/2010 02:01:04 - Installed MSM2MSI_gstudio
RP720: 16/10/2010 08:31:00 - Installed Rapport
RP721: 16/10/2010 08:35:09 - Software Distribution Service 3.0
RP722: 16/10/2010 11:18:42 - Software Distribution Service 3.0
RP723: 17/10/2010 12:40:39 - System Checkpoint
RP724: 18/10/2010 21:17:59 - System Checkpoint
RP725: 22/10/2010 10:17:55 - System Checkpoint
RP726: 22/10/2010 16:26:40 - Installed Java(TM) 6 Update 22
RP727: 25/10/2010 15:58:21 - System Checkpoint
RP728: 25/10/2010 20:02:07 - Installed RuneScape Launcher 1.0.4
RP729: 26/10/2010 20:08:24 - System Checkpoint
RP730: 27/10/2010 20:21:17 - System Checkpoint
RP731: 30/10/2010 11:17:30 - Made by Norton Utilities O
RP732: 30/10/2010 11:27:07 - Made by Norton Utilities O
RP733: 31/10/2010 17:23:53 - System Checkpoint
RP734: 03/11/2010 18:43:42 - System Checkpoint
RP735: 04/11/2010 22:01:37 - System Checkpoint
RP736: 10/11/2010 08:18:59 - Software Distribution Service 3.0
RP737: 11/11/2010 03:00:32 - Software Distribution Service 3.0
RP738: 13/11/2010 11:49:11 - System Checkpoint
RP739: 14/11/2010 15:22:05 - System Checkpoint
RP740: 14/11/2010 17:07:48 - Installed "ViewNX 2"
RP741: 14/11/2010 17:33:30 - Removed ViewNX 2.
RP742: 14/11/2010 17:45:02 - Installed "ViewNX 2"
RP743: 15/11/2010 18:53:39 - System Checkpoint
RP744: 16/11/2010 20:06:54 - System Checkpoint
RP745: 19/11/2010 09:15:20 - System Checkpoint
RP746: 20/11/2010 12:22:26 - System Checkpoint
RP747: 21/11/2010 13:49:44 - System Checkpoint
RP748: 27/11/2010 11:52:24 - System Checkpoint
RP749: 27/11/2010 12:56:13 - Installed Windows Support Tools
RP750: 28/11/2010 13:07:54 - System Checkpoint
RP751: 28/11/2010 13:38:48 - Removed ViewNX 2.
RP752: 28/11/2010 13:39:44 - Removed Nikon File Uploader 2.
RP753: 28/11/2010 13:42:07 - Removed Nikon Message Center 2.
RP754: 28/11/2010 13:55:23 - Installed NEF Codec
RP755: 28/11/2010 15:38:47 - Installed "ViewNX 2"
RP756: 28/11/2010 17:56:09 - Installed "ViewNX 2"
RP757: 29/11/2010 22:02:26 - Removed Driver Detective.
RP758: 30/11/2010 22:30:20 - System Checkpoint
RP759: 01/12/2010 08:10:30 - Cleaned registry with Windows Live OneCare safety scanner
RP760: 05/12/2010 17:38:06 - System Checkpoint
RP761: 11/12/2010 18:25:38 - System Checkpoint
RP762: 11/12/2010 20:48:54 - SPTD setup V1.62
RP763: 13/12/2010 16:18:10 - System Checkpoint
RP764: 16/12/2010 22:27:54 - Software Distribution Service 3.0
RP765: 17/12/2010 20:13:48 - Software Distribution Service 3.0
RP766: 17/12/2010 20:15:47 - Software Distribution Service 3.0
RP767: 17/12/2010 20:37:05 - Software Distribution Service 3.0

==== Installed Programs ======================


7-Zip 4.58 beta
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Premiere Elements 2.0
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 6.0
Bonjour
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
Compatibility Pack for the 2007 Office system
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Delta Force
Deus Ex
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DriverHive
DVD Suite
EA Download Manager
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX4800_4200 User's Guide
Far Cry (Patch 1.4)
Favorit
Final Fantasy VII - Ultima Edition
Final Fantasy VII XP Patch
GameSpy Arcade
Gamestudio A8
gmax
Google Earth
Google Update Helper
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Highlight Viewer (Windows Live Toolbar)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Karen's Cookie Viewer
Learn2 Player (Uninstall Only)
LG ODD Auto Firmware Update
Lite-C
Logic3 12-button with vibration (Ver. 3.0)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee Virtual Technician
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSM2MSI_gstudio
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEF Codec
Nikon File Uploader 2
Nikon Message Center 2
Norton Security Scan
Norton Utilities
NortonVRQ
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
OpenOffice.org Installer 1.0
PCI SoftV92 Modem
Pen Pad Driver with Macro Key Manager
Picture Control Utility
PIF DESIGNER
Portal
Power2Go 4.0
PowerBackup 1.0
PowerCinema 4.0
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
Project64 1.6
QuickTime
Rapport
Real-Draw PRO 4.0
RealOne Player
RT2500 Wireless LAN Card
RuneScape Launcher 1.0.4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shogun - Total War - Gold Edition
Skype Toolbars
Skype™ 4.2
Smart Menus (Windows Live Toolbar)
Sound Blaster Audigy 2 ZS
Speedy Eggbert
Steam
System Requirements Lab
TAGAP
Team Fortress 2
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
The Sims™ 3
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Uniblue RegistryBooster
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
ViewNX 2
Viewpoint Media Player
Warcraft III
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
WinZip Self-Extractor
World of Warcraft
Xfire (remove only)
Xilisoft DVD Ripper Standard 5

==== Event Viewer Messages From Past Week ========

12/12/2010 21:52:21, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/12/2010 21:51:52, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
12/12/2010 21:50:28, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


*******

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5347

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/12/2010 17:48:15
mbam-log-2010-12-18 (17-48-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 331713
Time elapsed: 5 hour(s), 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Your host file seems fine, it doesn't show in the logs and would likely show if there were a problem.

You are running TWO anti virus programs, McAfee and Microsoft Security Essentials. An absolute NO-NO. Doing this definitely lessens your protection; it does not add protection at all. Neither will work correctly. Uninstall one of these immediately. You also mention Norton but the program showing in your installed program list is for Norton Security Scan which is a FREE online scanner, there is no reason you would be paying for it. Norton Utilities is a Registry Cleaner, a totally unnecessary program and yes, it's paid. But there is no reason you need to clean the registry. Good security tools like MBA-M WILL clean infected registry entries if found, along with some other tools too, but regularly cleaning the registry is most definitely not needed.
In this same area you also have the Uniblue RegistryBooster installed and running, another totally worthless tool. There is truly no way to "boost" the registry. It should be removed along with that Norton Registry Cleaner.

The NortonVRQ tool is also showing in your programs list. I don't know why you would have this unless you work for Symantec. The tool is not intended for public use but rather for use by trained Symantec personnel. Do you work for Symantec? If not then why do you have it on your computer?

I refer to this information from
Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

The VRQ Tool is an internal tool used to probe for potential infections. It does not use any virus definitions nor can it detect threats heuristically, and is intended for the sole use of a trained Symantec staff person in conjunction with an internal knowledgebase and other tools. This tool is not intended for general public use and has no documentation to support it.

WHY do you have this tool on your computer? If you do work for Symantec then I suggest that you consult with your own company for assistance in this matter. If you do not work for Symantec then I suggest you get this off your computer ASAP because this is not for use by the general public.

I will offer no other assistance until I receive the answers concerning this NortonVRQ tool.

0

Please find below the text results of the tests I ran before I had run ComboFix. ComboFix removed some files which appeared to have the term 'a lot' in their root.

DDS - followed by GMER

DDS (Ver_10-12-12.02) - NTFSx86
Run by Adrian at 18:11:07.71 on 18/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1661 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DriverHive\DriverHiveTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Adrian\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101127105800.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_SB4.tmp" /EF "HKLM"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus DX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_S6C.tmp" /EF "HKLM"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [DriverHiveTray] c:\program files\driverhive\DriverHiveTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adrian\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adrian\applic~1\mozilla\firefox\profiles\umdc79jm.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-10-14 3026]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-27 84072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-27 141792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2007-3-22 15840]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-27 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-27 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-27 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-27 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-27 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-27 84264]
S2 gupdate1c9b9d3a7644858;Google Update Service (gupdate1c9b9d3a7644858);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 bfastfao;bfastfao;\??\c:\docume~1\alex\locals~1\temp\bfastfao.sys --> c:\docume~1\alex\locals~1\temp\bfastfao.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\adrian\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\adrian\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-27 88544]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-11-25 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-11-25 51840]

=============== Created Last 30 ================

2010-12-17 20:37:14 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{8985c3ad-a2b5-46cf-8381-6c4070569962}\mpengine.dll
2010-12-17 20:37:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-17 20:29:07 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-17 19:18:23 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-12-17 18:55:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\BSD
2010-12-17 18:55:30 -------- d-----w- c:\docume~1\adrian\applic~1\BSD
2010-12-17 18:55:11 2226176 ----a-w- c:\windows\bsdsetup.dll
2010-12-17 18:55:11 -------- d-----w- c:\program files\DriverHive
2010-12-17 18:47:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-17 18:35:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-17 18:34:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-17 18:32:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-16 19:30:10 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 19:27:05 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 13:55:06 -------- d-----w- C:\DeusEx
2010-12-11 21:07:25 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 21:07:25 126976 ----a-w- c:\windows\War3Unin.exe
2010-12-11 20:48:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-11 20:48:14 -------- d-----w- c:\docume~1\adrian\applic~1\DAEMON Tools Lite
2010-12-11 18:48:51 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-11 18:48:49 -------- d-----w- c:\program files\World of Warcraft
2010-12-11 18:47:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-12-01 22:28:31 -------- d-----w- c:\docume~1\adrian\applic~1\Malwarebytes
2010-12-01 22:28:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 22:28:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-01 22:28:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 22:28:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 22:18:48 -------- d-----w- c:\program files\Karen's Power Tools
2010-11-29 22:18:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2010-11-28 19:52:08 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
2010-11-28 19:51:40 -------- d-----w- c:\docume~1\adrian\locals~1\applic~1\PackageAware
2010-11-28 15:43:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Percussion Kit
2010-11-28 15:43:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Organs
2010-11-28 15:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Multipressor
2010-11-27 18:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-11-27 18:19:15 -------- d-----w- c:\program files\Citrix
2010-11-27 18:19:05 -------- d-----w- c:\docume~1\adrian\locals~1\applic~1\Citrix
2010-11-27 18:12:25 -------- d-----w- c:\docume~1\adrian\applic~1\McAfee
2010-11-27 12:57:18 -------- d-----w- c:\program files\Support Tools
2010-11-27 10:58:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-11-27 10:57:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-27 10:57:45 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-27 10:57:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-27 10:57:45 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-27 10:57:45 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-27 10:57:45 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-27 10:57:45 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-27 10:57:45 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-27 10:57:36 -------- d-----w- c:\program files\common files\Mcafee
2010-11-27 10:57:34 -------- d-----w- c:\program files\McAfee.com
2010-11-27 10:57:23 -------- d-----w- c:\program files\McAfee
2010-11-27 10:36:40 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-12-13 18:02:38 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-13 18:02:38 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-13 18:02:38 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-28 15:39:12 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 11:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 18:13:03.12 ===============


GMER STARTS HERE

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-17 21:38:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 Maxtor_6B200M0 rev.BANC1BY0
Running: bnm67m7p.exe; Driver: C:\DOCUME~1\Adrian\LOCALS~1\Temp\pwliapog.sys


---- System - GMER 1.0.15 ----

SSDT spgu.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spgu.sys ZwEnumerateValueKey [0xB7ECE132]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7DCA174]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7DCA0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7DCA0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB7DCA14A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7DCA18A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7DCA15E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort6 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort7 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort8 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort9 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\akai8kiq \Device\Scsi\akai8kiq1PortaPath0Target0Lun0 8B2BF500
Device \Driver\akai8kiq \Device\Scsi\akai8kiq1 8B2BF500
Device 8B5451F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A91F500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

'GMER SECOND FILE STARTS HERE'

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-18 12:42:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 Maxtor_6B200M0 rev.BANC1BY0
Running: bnm67m7p.exe; Driver: C:\DOCUME~1\Adrian\LOCALS~1\Temp\pwliapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xB3BEEFE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB3BEF996]
SSDT spgu.sys ZwCreateKey [0xB7EB50E0]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xB83BB864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB3BEFAF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xB3BF336C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xB3BF339E]
SSDT spgu.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spgu.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xB3BF3500]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB3BEFA5A]
SSDT spgu.sys ZwOpenKey [0xB7EB50C0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xB3BEF128]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xB3BEF31A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xB3BEF44C]
SSDT spgu.sys ZwQueryKey [0xB7ECE20A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB3BF3476]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB3BF33E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB3BF3412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB3BF3444]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xB3BEEF8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB3BEFB56]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwSetValueKey [0xB83BB82E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xB3BEEF26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xB3BEEE7A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xB3BEEEC2]

INT 0x62 ? 8B546BF8
INT 0x63 ? 8B546BF8
INT 0x73 ? 8B546BF8
INT 0x73 ? 8B546BF8
INT 0x73 ? 8B344BF8
INT 0x73 ? 8B546BF8
INT 0x83 ? 8B546BF8
INT 0x83 ? 8B546BF8
INT 0x83 ? 8B546BF8
INT 0x94 ? 8B344BF8
INT 0xB4 ? 8B546BF8
INT 0xB4 ? 8B546BF8
INT 0xB4 ? 8B546BF8

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7DCA174]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7DCA0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7DCA0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB7DCA14A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7DCA18A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7DCA15E]

---- Devices - GMER 1.0.15 ----

Device 8B5451F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A91F500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 8B3431F8
Device \Driver\usbehci \Device\USBPDO-1 8B342500
Device \Driver\sptd \Device\578383352 spgu.sys

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8B4D81F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B4D81F8
Device \Driver\Cdrom \Device\CdRom0 8B3351F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort6 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort7 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort8 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort9 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8B3351F8
Device \Driver\USBSTOR \Device\000000b1 8AA41380
Device \Driver\Cdrom \Device\CdRom2 8B3351F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A92F500
Device \Driver\NetBT \Device\NetbiosSmb 8A92F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{F0BE1629-5FCF-48C9-B460-66846D85D3FC} 8A92F500

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{DCA58F5B-3B51-4270-BC0B-898179B2FB3F} 8A92F500
Device \Driver\usbohci \Device\USBFDO-0 8B3431F8
Device \Driver\PCI_PNP2102 \Device\0000006d spgu.sys
Device \Driver\usbehci \Device\USBFDO-1 8B342500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AA1E500
Device 8AA1E500
Device \Driver\Ftdisk \Device\FtControl 8B4D81F8
Device \Driver\USBSTOR \Device\000000af 8AA41380
Device \Driver\akai8kiq \Device\Scsi\akai8kiq1PortaPath0Target0Lun0 8B2BF500
Device \Driver\akai8kiq \Device\Scsi\akai8kiq1 8B2BF500

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A855500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xF2 0x49 0x14 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0x9B 0x0F 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0xFB 0x45 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???6????? ?????????????????????Q?????? ?|?$? ??????riv??C:\Program Files\Common Files\McAfee\SystemCore\\naievent.dll????????6???5??????????se???????????????????s?????????????????????????????????????????6????? ?????????????????????Q?????? ???Z??????k??C:\Program Files\Common Files\McAfee\SystemCore\mfehidk_messages.dll?????????????y???????????????????????????????d??? ?????????????6??????????????????????????????????????????r??6?????????????????????????????????????????????????????????????????????????N\N??????????????:\???#?????????????????????????6?????,???:???\???????????????????????????"?#?(?)?6?6?6?6?s??? ?????????????6???????????????????????????????????6?????????????????????????????????????????????????????????????????????6??????????? ???????6??????????????????????????????????? ???????6??????????????????????????????0C??? ???????6???????????????????????????????????????????8???????e???6??????????? ???????6??????????????????????????????dd??? ???????6?????????????????????????????????????6?&?6?&?6?&?6?&?6?&?6?&?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 2001608577
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -465381795
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0x70 0x60 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0x9B 0x0F 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0xFB 0x45 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xB3 0x27 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0x9B 0x0F 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x30 0xC0 0x66 0x8B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xB3 0x27 0xFD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0x9B 0x0F 0x85 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x30 0xC0 0x66 0x8B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.+\OpenWithProgids@\24\5\x2514_auto_file

---- EOF - GMER 1.0.15 ----

0

Your host file seems fine, it doesn't show in the logs and would likely show if there were a problem.

You are running TWO anti virus programs, McAfee and Microsoft Security Essentials. An absolute NO-NO. Doing this definitely lessens your protection; it does not add protection at all. Neither will work correctly. Uninstall one of these immediately. You also mention Norton but the program showing in your installed program list is for Norton Security Scan which is a FREE online scanner, there is no reason you would be paying for it. Norton Utilities is a Registry Cleaner, a totally unnecessary program and yes, it's paid. But there is no reason you need to clean the registry. Good security tools like MBA-M WILL clean infected registry entries if found, along with some other tools too, but regularly cleaning the registry is most definitely not needed.
In this same area you also have the Uniblue RegistryBooster installed and running, another totally worthless tool. There is truly no way to "boost" the registry. It should be removed along with that Norton Registry Cleaner.

The NortonVRQ tool is also showing in your programs list. I don't know why you would have this unless you work for Symantec. The tool is not intended for public use but rather for use by trained Symantec personnel. Do you work for Symantec? If not then why do you have it on your computer?

I refer to this information from
Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

The VRQ Tool is an internal tool used to probe for potential infections. It does not use any virus definitions nor can it detect threats heuristically, and is intended for the sole use of a trained Symantec staff person in conjunction with an internal knowledgebase and other tools. This tool is not intended for general public use and has no documentation to support it.

WHY do you have this tool on your computer? If you do work for Symantec then I suggest that you consult with your own company for assistance in this matter. If you do not work for Symantec then I suggest you get this off your computer ASAP because this is not for use by the general public.

I will offer no other assistance until I receive the answers concerning this NortonVRQ tool.

Edited by ajcb: n/a

0

Tony,

I notice that you work for Norton so you should be able to verify through your own records that I have had to pay for two viruses to be removed. Also, I removed Norton Internet Security which was for 2011 when I loaded up McAfee. Has not helped much either.

Tony,

Thank you for your reply. I had Norton Internet Security 2011 loaded on to the computer but took it off having had to pay £180 to remove two viruses from my computer through Norton who would not remove the viruses otherwise. I recently switched to McAfee as I thought it might be better and it was free with my bank. I now have this third virus which McAfee will also not remove unless I shell out more money. I am hoping to go solo as I cannot afford to pay £60 pounds every three months to fix my computer. I loaded up Microsoft Security Essentials last week but have now removed it. I have also removed Uniblue RegistryBooster. I have now removed Norton Utilities too. The Norton VRQ tool was placed on my computer when Norton removed the first virus I had on the computer. They did not remove it so I just left it there. I do not work for Symantec. Is it a useful tool or should I remove it?

Norton VRQ tool also removed.

0

Further to my last I have also run ComboFix and the results are below


ComboFix 10-12-18.02 - Adrian 19/12/2010 16:38:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1969 [GMT 0:00]
Running from: c:\documents and settings\Adrian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adrian\Desktop\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Adrian\Application Data\alot
c:\documents and settings\Adrian\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_0\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_1\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_2\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_3\images\2384_icon.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_3\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_4\images\default_1476_alot_qui_trivia.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_4\images\default_1476_alot_qui_trivia.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_4\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_5\images\default_1477_alot_qui_entertainment.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_5\images\default_1477_alot_qui_entertainment.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_5\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_6\images\default_1478_alot_qui_lifestyle.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_6\images\default_1478_alot_qui_lifestyle.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_7\images\2658_icon.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_8\images\2071_icon.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Button_9\images\2825_icon.png
c:\documents and settings\Adrian\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\alot_configure.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\alot_configure.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\Thumbs.db
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Adrian\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Adrian\Application Data\alot\toolbar.xml
C:\install.exe
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\images
c:\windows\system32\images\3models.gif
c:\windows\system32\images\but3_off.gif
c:\windows\system32\images\but3_on.gif
c:\windows\system32\images\main_bot.gif
c:\windows\system32\images\main_mid.gif
c:\windows\system32\images\main_top.gif
c:\windows\system32\images\model1.gif
c:\windows\system32\images\panel_bot.gif
c:\windows\system32\images\panel_top.gif
c:\windows\system32\images\pc.gif
c:\windows\system32\images\pcw_award_cover.gif
c:\windows\system32\images\pcwcover.gif
c:\windows\system32\images\Thumbs.db
c:\windows\system32\images\topoff.gif
c:\windows\system32\images\topon.gif
c:\windows\system32\images\webscreen.gif
c:\windows\system32\Thumbs.db
c:\windows\system32\win.ini

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Legacy_hwinterface
-------\Service_hwinterface


((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-18 21:45 . 2010-12-18 21:45 -------- d-----w- c:\documents and settings\Administrator.FAMILYC-B\Application Data\Malwarebytes
2010-12-18 20:37 . 2010-12-18 20:37 -------- d-----w- c:\program files\CCleaner
2010-12-17 20:37 . 2010-11-09 20:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8985C3AD-A2B5-46CF-8381-6C4070569962}\mpengine.dll
2010-12-17 20:37 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-17 20:29 . 2010-12-17 20:29 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-17 18:55 . 2010-12-17 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD
2010-12-17 18:55 . 2010-12-17 18:55 -------- d-----w- c:\documents and settings\Adrian\Application Data\BSD
2010-12-17 18:55 . 2010-12-09 00:42 2226176 ----a-w- c:\windows\bsdsetup.dll
2010-12-17 18:47 . 2010-12-17 18:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-17 18:35 . 2010-12-18 20:21 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-17 18:34 . 2010-12-17 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-12-17 18:32 . 2010-12-17 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-16 19:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 19:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 13:55 . 2010-12-13 13:56 -------- d-----w- C:\DeusEx
2010-12-11 21:07 . 2010-12-11 21:07 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 21:07 . 2010-12-11 21:07 126976 ----a-w- c:\windows\War3Unin.exe
2010-12-11 21:05 . 2010-12-11 22:26 -------- d-----w- c:\program files\Warcraft III
2010-12-11 20:48 . 2010-12-11 20:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-11 20:48 . 2010-12-12 21:54 -------- d-----w- c:\documents and settings\Adrian\Application Data\DAEMON Tools Lite
2010-12-11 18:48 . 2010-12-11 19:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-12-11 18:48 . 2010-12-13 18:11 -------- d-----w- c:\program files\World of Warcraft
2010-12-11 18:47 . 2010-12-11 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-12-01 22:28 . 2010-12-01 22:28 -------- d-----w- c:\documents and settings\Adrian\Application Data\Malwarebytes
2010-12-01 22:28 . 2010-12-01 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-01 22:28 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 22:28 . 2010-12-01 22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 22:28 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 23:51 . 2010-11-30 23:58 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-29 22:18 . 2010-11-29 22:18 -------- d-----w- c:\program files\Karen's Power Tools
2010-11-29 22:18 . 2010-11-29 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2010-11-28 19:52 . 2010-12-18 19:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2010-11-28 19:51 . 2010-11-28 19:51 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\PackageAware
2010-11-28 15:43 . 2010-11-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Percussion Kit
2010-11-28 15:43 . 2010-11-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Organs
2010-11-28 15:43 . 2010-11-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Multipressor
2010-11-27 18:33 . 2010-11-27 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-11-27 18:19 . 2010-11-27 18:19 -------- d-----w- c:\program files\Citrix
2010-11-27 18:19 . 2010-11-27 18:19 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\Citrix
2010-11-27 18:12 . 2010-11-27 18:12 -------- d-----w- c:\documents and settings\Adrian\Application Data\McAfee
2010-11-27 12:57 . 2010-11-27 12:57 -------- d-----w- c:\program files\Support Tools
2010-11-27 10:58 . 2010-10-13 22:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-11-27 10:57 . 2010-10-13 22:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-27 10:57 . 2010-10-13 22:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-27 10:57 . 2010-10-13 22:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-27 10:57 . 2010-10-13 22:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-27 10:57 . 2010-10-13 22:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-27 10:57 . 2010-10-13 22:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-27 10:57 . 2010-10-13 22:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-27 10:57 . 2010-10-13 22:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-27 10:57 . 2010-11-27 10:58 -------- d-----w- c:\program files\Common Files\Mcafee
2010-11-27 10:57 . 2010-12-18 19:28 -------- d-----w- c:\program files\McAfee
2010-11-27 10:36 . 2010-10-13 22:28 141792 ----a-w- c:\windows\system32\mfevtps.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 17:57 . 2010-11-14 17:15 57344 ----a-r- c:\documents and settings\Adrian\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-11-28 15:39 . 2003-03-18 19:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-18 18:12 . 2005-11-25 08:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2005-09-09 22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-09-09 22:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-09-09 22:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-09-09 22:03 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-09-09 22:03 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-09-09 22:03 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-09-09 22:03 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 21:25 . 2010-10-24 21:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2010-10-16 18:55 . 2010-10-30 11:34 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-10-30 11:34 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-10-30 11:34 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-10-30 11:34 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-10-30 11:34 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-30 11:34 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2008-05-03 04:46 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2005-10-10 21:49 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2005-10-10 21:49 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2005-10-10 21:49 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2005-10-10 21:49 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 11:04 . 2010-10-16 11:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:04 . 2010-10-16 11:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:04 . 2010-10-16 11:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:04 . 2010-10-16 11:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:04 . 2010-10-16 11:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:04 . 2010-10-16 11:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-13 22:28 . 2010-10-13 22:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-13 22:28 . 2010-10-13 22:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-10-13 22:28 . 2010-11-27 10:58 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2004-07-09 03:27 . 9D9B4A7F83F1240F15876F45F5757887 . 265728 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
[-] 2004-07-09 03:27 . 9D9B4A7F83F1240F15876F45F5757887 . 265728 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2002-10-14 16:04 . 52D36AE89A6E6C5FEF146A85073B4684 . 114960 . . [5.0.4118] . . c:\windows\OEMdriver\23\PROGRAM\32\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-12 4093288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 151597]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Adrian\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]
backup=c:\windows\pss\Loadout Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RaConfig2500.lnk]
backup=c:\windows\pss\RaConfig2500.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 00:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-06-20 03:36 118784 ----a-w- c:\windows\system32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-10 21:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 01:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-06-20 03:55 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-02 10:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
2005-01-12 16:36 16384 ------w- c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
2005-01-12 16:36 1658965 ------w- c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2009-10-27 13:11 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2007-09-19 10:17 1969824 ----a-w- c:\windows\system32\WTMKM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 11:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 ----a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-03-23 14:34 1630303 ----a-w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
2003-06-20 14:06 118784 ----a-w- c:\windows\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 21:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2003-10-08 15:35 139264 ----a-w- c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 18:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 16:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-11-25 09:19 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRQ Uploader]
2010-06-11 16:10 1337712 ----a-r- c:\program files\NortonVRQ\Engine\5.0.2.10\VRQUploadFiles.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 ----a-w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [27/11/2010 10:57 84072]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27/11/2010 10:57 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27/11/2010 10:57 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27/11/2010 10:57 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [27/11/2010 10:58 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [27/11/2010 10:36 141792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [22/03/2007 11:56 15840]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [27/11/2010 10:57 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [27/11/2010 10:57 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [27/11/2010 10:57 88544]
S2 gupdate1c9b9d3a7644858;Google Update Service (gupdate1c9b9d3a7644858);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2009 11:58 133104]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 bfastfao;bfastfao;\??\c:\docume~1\Alex\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Alex\LOCALS~1\Temp\bfastfao.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [27/11/2010 10:57 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [27/11/2010 10:57 84264]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 16:44 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 16:44 51840]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 11:57]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 11:57]

2010-12-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]

2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{693AF836-FF67-4256-ACF0-92EA4BC07B2E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

2010-12-19 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-11-27 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-WgaLogon - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
AddRemove-Final Fantasy VII XP Patch - c:\program files\Square Soft

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 16:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2035760995-1434106794-2598792877-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2035760995-1434106794-2598792877-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.***%\OpenWithList]
@Class="Shell"
"a"="PhotoshopElementsEditor.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-2035760995-1434106794-2598792877-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.***%\OpenWithProgids]
"+_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2035760995-1434106794-2598792877-1006\Software\SecuROM\License information*]
"datasecu"=hex:34,4c,f2,ee,07,59,66,11,16,90,f3,57,3b,e4,c8,0a,33,58,31,0b,f4,
07,e3,6c,e9,c1,b7,82,97,18,22,e3,f5,48,74,0f,3d,6a,b6,26,a7,55,c2,7c,f8,5d,\
"rkeysecu"=hex:0d,78,4e,76,30,df,ec,68,3d,52,0c,e3,7d,c3,64,17

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\atwtusb.exe
c:\windows\system32\atwtusb.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Real\Update_OB\rnathchk.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-19 16:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-19 16:55

Pre-Run: 67,860,377,600 bytes free
Post-Run: 67,777,789,952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B47FC78C538AEBE87B9FAD80190049FF

0

First of all I am not Tony Weiss, I am jholland64, a helper here at daniweb. I was merely citing information given by Tony Wiess from Symantec/Norton concerning this Norton VRQ tool from the Norton website.

It seems to me that you may be a bit confused about both Norton and McAfee:

Neither of these programs is free; both must be purchased to use. Many computers come with free TRIAL versions of one or the other installed on them when the computer is purchased. There are also other Trial offers for the programs but all work the same. For the trial period the programs are fully working, but at the end of that trial period (which usually is 90 days), in order to continue to use whichever one you have, you must PURCHASE a full license to continue to use them and continue for them to have the ability to stop and/or remove infections. If you do not pay for them then they no longer work and must be Uninstalled.

The reason you had to pay Norton is that Norton Internet Security 2011 is a PAID program. The license for it must be purchased in order for it to work.

The same goes for the McAfee program, it is a PAID program and the license must be purchased in order for the program to work. What you likely received from your bank was a Trial version and therefore would have to be paid for to use or it may be offered by your bank at a reduced rate. You need to look at the fine print in the offer to fully see what exactly the offer says.

With either program, once the license is purchased then the program can continue to be updated and used until the license expires. Usually a minimum of one year and for the amount the Norton license cost you it would appear to me that you probably purchased a three year license.

Both Norton and McAfee are available for download and install at their respective websites BUT in order to actually USE the programs and have them work you must PAY for them. Otherwise they do not work.

There are several excellent FREE anti-virus programs available, Avira Free and Avast Free are two of the best. But neither Norton nor McAfee are ever free programs to use indefinitely.

So I hope that is cleared up. Now you just said this:
"Please find below the text results of the tests I ran before I had run ComboFix. ComboFix removed some files which appeared to have the term 'a lot' in their root."

Who told you to run Combofix? You didn't mention this in your original post which clearly says:

"I have run GMER and DDS scans as well as running Malwarebytes anti-malware. I have followed the instructions on various web pages but nothing seems to work."

Nowhere on this thread has combofix been recommended by me and I am the helper on this thread. So I say again, WHO told you to run Combofix? I quote to you now the very clear instructions given concerning the running of combofix from bleepingcomputer combofix usage:
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Bleeping Computer and sUBs will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable.

There are very specific instructions that are given to somebody when telling them to run combofix. Did you follow each and every instruction exactly as given? If not then that could also cause major problems.

By omitting this information about running combofix from your original post you very well could have caused me to recommend something that could have caused damage to your computer. I honestly can't say if the use of combofix on your own didn't damage the computer.

Edited by jholland1964: n/a

0

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe


Click on the Upload button

If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

Paste the contents of the Clipboard in your next reply.

Also scan these,
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\regedit.exe

0

Thanks for offering to help.

I bought Norton Internet Security 2010 from PCWorld sometime towards the end of 2009. I cannot remember the exact date. It cost about £50. I had a virus and contacted their support service. I then paid £114.99 for EMEA NortonLive VSS Bundle on 27 Dec 2009 and was told that my licence would be valid for 12 months from that date. I then had another virus and paid £69.99 on 2 Oct 2010. Again I was told that my licence would be valid for another 12 months. Shortly after this I contracted the Google Redirect Virus. I removed the Norton software and uploaded the McAfee software which came free for 12 months as it was a special deal with HSBC. I had confirmation from McAfee on 27 Nov 11 informing me that I was entitled to updates and upgrades.

Both sets of anti-virus software are bona fide but I am pretty sure that the Norton software did not protect me from the Google redirect virus. I am unsure if the McAfee software is any better. I loaded up the Microsoft software in desperation but have now removed it on advice from Tony Wiess, along with the VRQ Tool which Norton employees left on my computer when they fixed the second virus I had.

As for ComboFix, it was advised as a method to remove Google redirect virus on www.personalcomputerfixes.spyware/how-to-remove-google-redirect-virus. So I gave it a go but it has not solved the problem.

First of all I am not Tony Weiss, I am jholland64, a helper here at daniweb. I was merely citing information given by Tony Wiess from Symantec/Norton concerning this Norton VRQ tool from the Norton website.

It seems to me that you may be a bit confused about both Norton and McAfee:

Neither of these programs are free, both must be purchased to use. Many computers come with free TRIAL versions of one or the other installed on them when the computer is purchased. There are also other Trial offers for the programs but all work the same. For the trial period the programs are fully working but at the end of that trial period (which usually is 90 days) then in order to continue to use which ever one you have you must PURCHASE a full license to continue to use them and continue for them to have the ability to stop and/or remove infections. If you do not pay for them then they no longer work and must be Uninstalled.

That is the reason you had to pay Norton is because Norton Internet Security 2011 is a PAID program. The license for it must be purchased in order for it to work.

The same goes for the McAfee program, it is a PAID program and the license must be purchased in order for the program to work. What you likely received from your bank was a Trial version and therefore would have to be paid for to use or it may be offered by your bank at a reduced rate. You need to look at the fine print in the offer to fully see what exactly the offer says.

With either program, once the license is purchased then the program can continue to be updated and used until the license expires. Usually a minimum of one year and for the amount the Norton license cost you it would appear to me that you probably purchased a three year license.

Both Norton and McAfee are available for download and install at their respective websites BUT in order to actually USE the programs and have them work you must PAY for them. Otherwise they do not work.

There are several excellent FREE anti-virus programs available, Avira Free and Avast Free are two of the best. But neither Norton nor McAfee are ever free programs to use indefinitely.

So I hope that is cleared up. Now you just said this:
"Please find below the text results of the tests I ran before I had run ComboFix. ComboFix removed some files which appeared to have the term 'a lot' in their root."

Who told you to run Combofix? You didn't mention this in your original post which clearly says:

"I have run GMER and DDS scans as well as running Malwarebytes anti-malware. I have followed the instructions on various web pages but nothing seems to work."

Nowhere on this thread has combofix been recommended by me and I am the helper on this thread. So I say again, WHO told you to run Combofix? I quote to you now the very clear instructions given concerning the running of combofix from bleepingcomputer combofix usage:
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Bleeping Computer and sUBs will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable.

There are very specific instructions that are given to somebody when telling them to run combofix. Did you follow each and every instruction exactly as given? If not then that could also cause major problems.

By omitting this information about running combofix from your original post you very well could have caused me to recommend something that could have caused damage to your computer. I honestly can't say if the use of combofix on your own didn't damage the computer.

0

Well, here is some info about the website you used for instruction. It is well known as an extremely untrustworthy website. One of the major comments against it is: "Recommends running Combofix willy nilly and then pushes purchase of its registry cleaner on users". It has also been noted for malicious content, spyware and malware installs. Persons using the Web Of Trust warning add-on for their browser will also receive the advanced warning shown in my attachment. I realize none of this helps you but I post this mainly for others reading this, especially concerning the use of combofix which should never be used without the advice of a helper. It is generally a one time only tool and has to be used in a specific way.

I ask that you please follow the instructions given to you by crunchie and post back here with the results.


Attachments wot_warning.jpg 42.35 KB
0

Crunchie,

Thanks for helping. Here are the results of the VirSCAN on the four files

---REGEDIT-------------------------

VirSCAN.org Scanned Report :
Scanned time : 2010/12/21 15:06:28 (GMT)
Scanner results: Scanners did not find malware!
File Name : regedit.exe
File Size : 146432 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 058710b720282ca82b909912d3ef28db
SHA1 : 48f4612efeb713a5860726fdb999ceceff07557d
Online report : http://virscan.org/report/b93bf121bd2850c9935f5057c27a8fcf.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20101221040708 2010-12-21 7.03 -
AhnLab V3 2010.12.17.05 2010.12.17 2010-12-17 2.02 -
AntiVir 8.2.4.131 7.11.0.118 2010-12-21 0.27 -
Antiy 2.0.18 20101221.6716246 2010-12-21 0.12 -
Arcavir 2010 201012212151 2010-12-21 1.05 -
Authentium 5.1.1 201012202235 2010-12-20 1.67 -
AVAST! 4.7.4 101221-0 2010-12-21 0.02 -
AVG 8.5.850 271.1.1/3328 2010-12-21 0.26 -
BitDefender 7.90123.6467645 7.35258 2010-12-21 6.15 -
ClamAV 0.96.3 12423 2010-12-21 0.04 -
Comodo 4.0 7135 2010-12-21 1.43 -
CP Secure 1.3.0.5 2010.12.21 2010-12-21 0.07 -
Dr.Web 5.0.2.3300 2010.12.21 2010-12-21 10.10 -
F-Prot 4.4.4.56 20101220 2010-12-20 1.70 -
F-Secure 7.02.73807 2010.12.20.02 2010-12-20 0.23 -
Fortinet 4.2.254 12.696 2010-12-20 0.19 -
GData 21.1347/21.555 20101221 2010-12-21 8.17 -
ViRobot 20101221 2010.12.21 2010-12-21 0.41 -
Ikarus T3.1.32.15.0 2010.12.21.77393 2010-12-21 5.21 -
JiangMin 13.0.900 2010.12.21 2010-12-21 2.07 -
Kaspersky 5.5.10 2010.12.21 2010-12-21 0.14 -
KingSoft 2009.2.5.15 2010.12.21.18 2010-12-21 0.74 -
McAfee 5400.1158 6203 2010-12-20 17.83 -
Microsoft 1.6402 2010.12.21 2010-12-21 3.83 -
Norman 6.06.12 6.06.00 2010-12-19 8.01 -
Panda 9.05.01 2010.12.20 2010-12-20 13.91 -
Trend Micro 9.120-1004 7.714.09 2010-12-21 0.04 -
Quick Heal 11.00 2010.12.21 2010-12-21 2.15 -
Rising 20.0 22.79.00.04 2010-12-20 2.05 -
Sophos 3.14.1 4.60 2010-12-21 3.04 -
Sunbelt 3.9.2464.2 7742 2010-12-20 9.69 -
Symantec 1.3.0.24 20101220.002 2010-12-20 0.06 -
nProtect 20101219.01 9365782 2010-12-19 20.33 -
The Hacker 6.7.0.1 v00104 2010-12-21 0.46 -
VBA32 3.12.14.2 20101219.2142 2010-12-19 3.45 -
VirusBuster 4.5.11.10 10.130.50/1994185 2010-12-21 2.75

---SVCHOST-------------------------

VirSCAN.org Scanned Report :
Scanned time : 2010/12/21 15:02:40 (GMT)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://virscan.org/report/a5e22e90371fdbd10f77809b2c840bbb.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20101221040708 2010-12-21 5.03 -
AhnLab V3 2010.12.17.05 2010.12.17 2010-12-17 1.50 -
AntiVir 8.2.4.131 7.11.0.118 2010-12-21 0.27 -
Antiy 2.0.18 20101221.6716246 2010-12-21 0.12 -
Arcavir 2010 201012212151 2010-12-21 0.04 -
Authentium 5.1.1 201012202235 2010-12-20 1.39 -
AVAST! 4.7.4 101221-0 2010-12-21 0.01 -
AVG 8.5.850 271.1.1/3328 2010-12-21 0.23 -
BitDefender 7.90123.6467645 7.35258 2010-12-21 5.97 -
ClamAV 0.96.3 12423 2010-12-21 0.01 -
Comodo 4.0 7135 2010-12-21 0.92 -
CP Secure 1.3.0.5 2010.12.21 2010-12-21 0.04 -
Dr.Web 5.0.2.3300 2010.12.21 2010-12-21 10.03 -
F-Prot 4.4.4.56 20101220 2010-12-20 1.38 -
F-Secure 7.02.73807 2010.12.20.02 2010-12-20 0.14 -
Fortinet 4.2.254 12.696 2010-12-20 0.95 -
GData 21.1347/21.555 20101221 2010-12-21 8.17 -
ViRobot 20101221 2010.12.21 2010-12-21 0.38 -
Ikarus T3.1.32.15.0 2010.12.21.77393 2010-12-21 5.10 -
JiangMin 13.0.900 2010.12.21 2010-12-21 1.40 -
Kaspersky 5.5.10 2010.12.21 2010-12-21 0.09 -
KingSoft 2009.2.5.15 2010.12.21.18 2010-12-21 0.74 -
McAfee 5400.1158 6203 2010-12-20 18.57 -
Microsoft 1.6402 2010.12.21 2010-12-21 4.92 -
Norman 6.06.12 6.06.00 2010-12-19 10.02 -
Panda 9.05.01 2010.12.20 2010-12-20 4.06 -
Trend Micro 9.120-1004 7.714.09 2010-12-21 0.04 -
Quick Heal 11.00 2010.12.21 2010-12-21 1.41 -
Rising 20.0 22.79.00.04 2010-12-20 2.19 -
Sophos 3.14.1 4.60 2010-12-21 3.59 -
Sunbelt 3.9.2464.2 7742 2010-12-20 0.71 -
Symantec 1.3.0.24 20101220.002 2010-12-20 1.09 -
nProtect 20101219.01 9365782 2010-12-19 13.26 -
The Hacker 6.7.0.1 v00104 2010-12-21 0.54 -
VBA32 3.12.14.2 20101219.2142 2010-12-19 3.40 -
VirusBuster 4.5.11.10 10.130.50/1994185 2010-12-21 3.03 -

---EXPLORER-------------------------

VirSCAN.org Scanned Report :
Scanned time : 2010/12/21 14:57:03 (GMT)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/report/462da7e1b084508139e168bb17b12a13.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20101221040708 2010-12-21 6.30 -
AhnLab V3 2010.12.17.05 2010.12.17 2010-12-17 4.38 -
AntiVir 8.2.4.131 7.11.0.118 2010-12-21 0.28 -
Antiy 2.0.18 20101221.6716246 2010-12-21 0.12 -
Arcavir 2010 201012212151 2010-12-21 2.40 -
Authentium 5.1.1 201012202235 2010-12-20 2.45 -
AVAST! 4.7.4 101221-0 2010-12-21 0.07 -
AVG 8.5.850 271.1.1/3328 2010-12-21 0.25 -
BitDefender 7.90123.6467645 7.35258 2010-12-21 6.02 -
ClamAV 0.96.3 12423 2010-12-21 0.23 -
Comodo 4.0 7135 2010-12-21 1.27 -
CP Secure 1.3.0.5 2010.12.21 2010-12-21 0.11 -
Dr.Web 5.0.2.3300 2010.12.21 2010-12-21 10.36 -
F-Prot 4.4.4.56 20101220 2010-12-20 2.43 -
F-Secure 7.02.73807 2010.12.20.02 2010-12-20 11.77 -
Fortinet 4.2.254 12.696 2010-12-20 0.25 -
GData 21.1347/21.555 20101221 2010-12-21 8.41 -
ViRobot 20101221 2010.12.21 2010-12-21 0.39 -
Ikarus T3.1.32.15.0 2010.12.21.77393 2010-12-21 5.17 -
JiangMin 13.0.900 2010.12.21 2010-12-21 2.08 -
Kaspersky 5.5.10 2010.12.21 2010-12-21 0.09 -
KingSoft 2009.2.5.15 2010.12.21.18 2010-12-21 1.25 -
McAfee 5400.1158 6203 2010-12-20 18.24 -
Microsoft 1.6402 2010.12.21 2010-12-21 16.66 -
Norman 6.06.12 6.06.00 2010-12-19 8.04 -
Panda 9.05.01 2010.12.20 2010-12-20 3.35 -
Trend Micro 9.120-1004 7.714.09 2010-12-21 0.04 -
Quick Heal 11.00 2010.12.21 2010-12-21 1.58 -
Rising 20.0 22.79.00.04 2010-12-20 2.58 -
Sophos 3.14.1 4.60 2010-12-21 3.09 -
Sunbelt 3.9.2464.2 7742 2010-12-20 0.65 -
Symantec 1.3.0.24 20101220.002 2010-12-20 0.13 -
nProtect 20101219.01 9365782 2010-12-19 19.55 -
The Hacker 6.7.0.1 v00104 2010-12-21 0.58 -
VBA32 3.12.14.2 20101219.2142 2010-12-19 3.48 -
VirusBuster 4.5.11.10 10.130.50/1994185 2010-12-21 4.22 -

---USERINIT-------------------------

VirSCAN.org Scanned Report :
Scanned time : 2010/12/21 14:48:10 (GMT)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/report/3a8a05136aba874e0f1345a04d50639e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20101221040708 2010-12-21 6.77 -
AhnLab V3 2010.12.17.05 2010.12.17 2010-12-17 1.54 -
AntiVir 8.2.4.131 7.11.0.118 2010-12-21 0.44 -
Antiy 2.0.18 20101221.6716246 2010-12-21 0.14 -
Arcavir 2010 201012212151 2010-12-21 0.05 -
Authentium 5.1.1 201012202235 2010-12-20 1.63 -
AVAST! 4.7.4 101221-0 2010-12-21 0.01 -
AVG 8.5.850 271.1.1/3328 2010-12-21 0.24 -
BitDefender 7.90123.6467645 7.35258 2010-12-21 6.20 -
ClamAV 0.96.3 12423 2010-12-21 0.01 -
Comodo 4.0 7135 2010-12-21 0.92 -
CP Secure 1.3.0.5 2010.12.21 2010-12-21 0.04 -
Dr.Web 5.0.2.3300 2010.12.21 2010-12-21 10.06 -
F-Prot 4.4.4.56 20101220 2010-12-20 1.42 -
F-Secure 7.02.73807 2010.12.20.02 2010-12-20 0.20 -
Fortinet 4.2.254 12.696 2010-12-20 0.70 -
GData 21.1347/21.555 20101221 2010-12-21 11.01 -
ViRobot 20101221 2010.12.21 2010-12-21 0.52 -
Ikarus T3.1.32.15.0 2010.12.21.77393 2010-12-21 5.15 -
JiangMin 13.0.900 2010.12.21 2010-12-21 1.74 -
Kaspersky 5.5.10 2010.12.21 2010-12-21 0.33 -
KingSoft 2009.2.5.15 2010.12.21.18 2010-12-21 0.86 -
McAfee 5400.1158 6203 2010-12-20 18.67 -
Microsoft 1.6402 2010.12.21 2010-12-21 20.23 -
Norman 6.06.12 6.06.00 2010-12-19 8.03 -
Panda 9.05.01 2010.12.20 2010-12-20 7.47 -
Trend Micro 9.120-1004 7.714.09 2010-12-21 0.03 -
Quick Heal 11.00 2010.12.21 2010-12-21 1.65 -
Rising 20.0 22.79.00.04 2010-12-20 1.26 -
Sophos 3.14.1 4.60 2010-12-21 6.04 -
Sunbelt 3.9.2464.2 7742 2010-12-20 0.69 -
Symantec 1.3.0.24 20101220.002 2010-12-20 0.05 -
nProtect 20101219.01 9365782 2010-12-19 16.54 -
The Hacker 6.7.0.1 v00104 2010-12-21 0.69 -
VBA32 3.12.14.2 20101219.2142 2010-12-19 3.43 -
VirusBuster 4.5.11.10 10.130.50/1994185 2010-12-21 2.58 -

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe


Click on the Upload button

If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

Paste the contents of the Clipboard in your next reply.

Also scan these,
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\regedit.exe

0

Please update MBA-M and run a new full scan with it. Have it remove all items found and reboot.
Post back with that log.

0

I was away for Christmas. The results of the malwarebytes antimalware are below but curiously the date is set incorrectly. This test was conducted on 23 Dec 10. I carried out a previous test on 18 Dec 10 which I have added below for completeness:

----------Latest test--------

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5229

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/12/2010 22:36:48
mbam-log-2010-12-01 (22-36-48).txt

Scan type: Quick scan
Objects scanned: 175258
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{DF1C8E21-4045-4D67-B528-335F1A4F0DE9} (Adware.NaviPromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF1C8E21-4045-4D67-B528-335F1A4F0DE9} (Adware.NaviPromo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

-------previous test-------------

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5347

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/12/2010 17:48:15
mbam-log-2010-12-18 (17-48-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 331713
Time elapsed: 5 hour(s), 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------message ends----------

0

There is NOTHING wrong with the date, you have posted the wrong log.
The first log you posted was done on December 1, 2010 and was a Quick Scan and shows database of 5229:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5229

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/12/2010 22:36:48
mbam-log-2010-12-01 (22-36-48).txt

Scan type: Quick scan
Objects scanned: 175258
Time elapsed: 5 minute(s), 45 second(s)

The second log you posted shows the correct date for when you say you ran it, Dec. 18 and database of 5347 is clearly MORE RECENT than the other one, which would be correct also:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5347

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/12/2010 17:48:15
mbam-log-2010-12-18 (17-48-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 331713
Time elapsed: 5 hour(s), 1 minute(s), 41 second(s)

IF the scan you say shows the wrong date in reality had been done on December 23rd then the actual VERSION number of MBA-M would be different because they released an updated VERSION on December 21st and from that day forward the version number has been 1.50.1 and the database would have been much higher. It is over 5400 now. So you have definitely posted the WRONG log.

When we ask for a MBA-M log we also don't want to see one that is 5 days old, which one done on the 23rd would be, we want to see a log from a Full Scan done the day you make the post.
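The header comparison made in the post above, as an added Python example that is not part of the original thread: it parses the header lines of the three Malwarebytes logs posted here and checks each against the date its poster claims. The function names, the day-first date format, and the premise that database numbers only increase (taken from the post) are assumptions of this example.

```python
import re
from datetime import date, datetime

# Header lines copied from the three Malwarebytes logs posted in this thread.
FIRST = """Malwarebytes' Anti-Malware 1.50
Database version: 5229
01/12/2010 22:36:48
mbam-log-2010-12-01 (22-36-48).txt
Scan type: Quick scan
"""
SECOND = """Malwarebytes' Anti-Malware 1.50
Database version: 5347
18/12/2010 17:48:15
mbam-log-2010-12-18 (17-48-15).txt
Scan type: Full scan (C:\\|)
"""
THIRD = """Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5409
29/12/2010 01:10:46
mbam-log-2010-12-29 (01-10-46).txt
Scan type: Full scan (C:\\|)
"""

def parse_header(text):
    """Pull out the fields a helper reads first (day-first dates assumed)."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        if m is None:
            raise ValueError("not a Malwarebytes log header: " + pattern)
        return m
    stamp = grab(r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2}:\d{2})\s*$")
    fname = grab(r"^mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt\s*$")
    return {
        "version": grab(r"Anti-Malware\s+([\d.]+)").group(1),
        "database": int(grab(r"Database version:\s*(\d+)").group(1)),
        "run_at": datetime.strptime(" ".join(stamp.groups()), "%d/%m/%Y %H:%M:%S"),
        "file_at": datetime.strptime(" ".join(fname.groups()), "%Y-%m-%d %H-%M-%S"),
        "scan": grab(r"Scan type:\s*(\w+) scan").group(1),
    }

def review(log, claimed, reference):
    """Compare a log with the claimed scan date and an earlier, trusted log."""
    issues = []
    if log["run_at"].date() != claimed:
        issues.append("header date %s is not the claimed %s"
                      % (log["run_at"].date(), claimed))
    if log["run_at"] != log["file_at"]:
        issues.append("header timestamp and log file name disagree")
    # Assumption from the post: database numbers only go up, so a lower
    # number than the reference log means the scan is older than that log.
    if claimed > reference["run_at"].date() and log["database"] < reference["database"]:
        issues.append("database %d is older than %d from the %s log"
                      % (log["database"], reference["database"],
                         reference["run_at"].date()))
    if log["scan"] != "Full":
        issues.append("%s scan posted where a Full scan was requested" % log["scan"])
    return issues

if __name__ == "__main__":
    for issue in review(parse_header(FIRST), date(2010, 12, 23), parse_header(SECOND)):
        print(issue)
```

The database check does not depend on the machine's clock, which is why it settles the question even when the poster suspects the date is set incorrectly.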

0

Have run a new malwarebytes test as I think I picked up the wrong test last time.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5409

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/12/2010 01:10:46
mbam-log-2010-12-29 (01-10-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 334473
Time elapsed: 2 hour(s), 21 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
