Solved AVG threat detected: Trojan Horse Crypt.AQLW, Internet pops up sites on tab

Steph19

Posts: 22   +0
Hello everyone, this is my first post here. I removed a virus on a different computer a couple of years ago through cybertechhelp.com, but for some reason I can't access that website; not sure if it's just generally not working, so I found you guys :)

I get constant AVG Threat Detected alerts stating threat name "Trojan Horse Crypt.AQLW" and "win32/Sirefref.ER".
All of them are "C:\windows\system32\(different letters each time).dll"
Also got "C:\users\stephanie\appdata\roaming\KB00426009.exe"
I move them to the vault and remove them each time, but new ones constantly pop up.

While I'm on the internet, tabs pop up to different random sites without me clicking on anything. Google/Yahoo links redirect me to a different site (not the one I clicked).

I'll start posting my logs after this post.

Truly appreciate your help.
 
Malwarebytes Anti-Malware Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stephanie :: STEPHANIE-PC [administrator]

2/22/2012 7:51:16 PM
mbam-log-2012-02-22 (19-51-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182628
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-22 19:42:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 2ml4rceb.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\kwdiruob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 3764

---- EOF - GMER 1.0.15 ----
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Stephanie at 19:46:03 on 2012-02-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2281 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080727
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58444
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}\038364850333033393838373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}\36F6D636163747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}\64249402355727675696C6C616E63656026516E602321323 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stephanie\appdata\roaming\mozilla\firefox\profiles\svaf87ir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\stephanie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-3-18 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-27 111616]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 lpx;Epsonbidirectionalagent;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-24 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-28 36608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-29 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-29 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-4 1343400]
.
=============== Created Last 30 ================
.
2012-02-22 21:32:28 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-02-22 21:32:28 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-02-22 21:32:28 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-02-22 21:32:28 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-02-22 21:32:28 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-02-22 19:28:35 -------- d--h--w- c:\users\stephanie\appdata\roaming\A7BF3979
2012-02-22 16:48:33 -------- d-----w- c:\users\stephanie\appdata\roaming\AVG
2012-02-16 16:53:24 139776 ----a-w- c:\programdata\microsoft\windows\drm\14C8.tmp
2012-02-16 06:54:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-16 02:42:35 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 02:42:33 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:42:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:42:30 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-13 16:05:06 -------- d-----w- c:\program files\iPod
2012-02-12 21:38:44 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-26 17:06:24 -------- d-----w- c:\users\stephanie\appdata\roaming\DiskAid
2012-01-24 23:15:57 -------- d-----w- c:\program files\LP
2012-01-24 19:53:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-24 19:53:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-02-12 21:38:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:47:15.44 ===============
 
Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/26/2009 11:37:38 PM
System Uptime: 2/22/2012 7:18:21 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2401/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 153.541 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.904 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP309: 2/22/2012 6:53:16 PM - Windows Update
RP310: 2/22/2012 7:06:01 PM - Had Trojan virus?
RP311: 2/22/2012 7:14:18 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Banctec Service Agreement
Bonjour
Conexant HDA D330 MDC V.92 Modem
Creative MediaSource 5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell-eBay
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
dj_sf_software
Download Updater (AOL LLC)
EarthLink Setup Files
EDocs
Facebook Plug-In
GoToAssist 8.0.0.514
iCloud
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 24
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.60.1.1000
mCore
MediaDirect
mHelp
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mMHouse
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 10.0.2 (x86 en-US)
mPfMgr
MSVCRT
mWMI
NetWaiting
NTI Backup Now EZ
OGA Notifier 2.0.0048.0
OutlookAddinSetup
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SigmaTel Audio
Skype Click to Call
Skype™ 5.5
Sound Blaster Audigy ADVANCED MB
Spybot - Search & Destroy
SpywareBlaster 4.2
swMSM
TBS WMP Plug-in
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Yahoo! Messenger
.
2/22/2012 4:25:02 PM, Error: Service Control Manager [7023] - The Erecoveryservice service terminated with the following error: Access is denied.
2/22/2012 4:24:59 PM, Error: Service Control Manager [7023] - The NWSAP service terminated with the following error: Access is denied.
2/22/2012 4:24:59 PM, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: Access is denied.
2/22/2012 12:59:36 PM, Error: Service Control Manager [7023] - The S217unic service terminated with the following error: Access is denied.
2/22/2012 12:44:36 PM, Error: Service Control Manager [7023] - The Avgems service terminated with the following error: Access is denied.
2/22/2012 12:29:36 PM, Error: Service Control Manager [7023] - The Lvprcsrv service terminated with the following error: Access is denied.
2/22/2012 12:14:36 PM, Error: Service Control Manager [7023] - The ATIVTUTW service terminated with the following error: Access is denied.
2/22/2012 11:59:36 AM, Error: Service Control Manager [7023] - The Vwlogger service terminated with the following error: Access is denied.
2/22/2012 11:44:36 AM, Error: Service Control Manager [7023] - The Se45mgmt service terminated with the following error: Access is denied.
2/22/2012 11:29:37 AM, Error: Service Control Manager [7023] - The CDRPDACC service terminated with the following error: Access is denied.
2/22/2012 11:28:44 AM, Error: Service Control Manager [7023] - The NTSIM service terminated with the following error: Access is denied.
2/22/2012 1:59:36 PM, Error: Service Control Manager [7023] - The Se2Dnd5 service terminated with the following error: Access is denied.
2/22/2012 1:44:36 PM, Error: Service Control Manager [7023] - The Ser2pl service terminated with the following error: Access is denied.
2/22/2012 1:29:36 PM, Error: Service Control Manager [7023] - The Rdnaoflsvc service terminated with the following error: Access is denied.
2/22/2012 1:14:36 PM, Error: Service Control Manager [7023] - The Servidor service terminated with the following error: Access is denied.
2/16/2012 2:17:19 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
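
As an added triage aid (not part of this thread, and not code from DDS, GMER or TDSSKiller), the script below scans pasted log text for the indicator types the logs above show: a loopback ProxyServer entry, a run key under the Default user's systemprofile, a GMER hidden process, an MBR rootkit hit, and a TDSSKiller "Suspicious file (Forged)" line with mismatching MD5s. The rule names and severities are my own assumptions; the sample lines are copied from this thread's logs.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS pseudo-HJT section, the GMER scan and
# the TDSSKiller output posted in this thread. Backslashes are doubled for Python.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58444
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg2012\\avgssie.dll
dRun: [dplaysvr] c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\dplaysvr.exe
mRun: [AVG_TRAY] "c:\\program files\\avg\\avg2012\\avgtray.exe"
2012-02-22 19:28:35 -------- d--h--w- c:\\users\\stephanie\\appdata\\roaming\\A7BF3979
2012-02-16 06:54:59 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
Disk \\Device\\Harddisk0\\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Process PING.EXE (*** hidden *** ) 3764
11:03:22.0581 1224 Suspicious file (Forged): C:\\Windows\\system32\\drivers\\afd.sys. Real md5: 38e947c26cd0f8fa9acee13474e38cd8, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (assumed scale for this example)
    rule: str
    line: str


# Hypothetical triage heuristics for this example. They encode what a helper looks for
# in these logs; they are not the detection logic of any of the tools named above.
RULES = [
    ("high", "rootkit-mbr", re.compile(r"TDL4@MBR|ROOTKIT", re.I)),
    ("high", "forged-driver", re.compile(r"Suspicious file \(Forged\)", re.I)),
    ("high", "hidden-process", re.compile(r"^Process .*\*\*\* hidden \*\*\*", re.I)),
    # A proxy pointing at localhost on an odd port is how search redirects are often done.
    ("high", "loopback-proxy", re.compile(r"ProxyServer\s*=\s*\S*127\.0\.0\.1:\d+", re.I)),
    # dRun = Run key of the Default user profile; legitimate software rarely lives there.
    ("medium", "default-user-run", re.compile(r"^dRun:.*systemprofile\\appdata", re.I)),
    # Freshly created hex-named folder under Roaming, as in the Created Last 30 list.
    ("medium", "hex-named-appdata-dir", re.compile(r"\\appdata\\roaming\\[0-9A-F]{8}$", re.I)),
    # A literal "%APPDATA%" directory under system32 is a decoy path, not an env var.
    ("medium", "fake-appdata-in-system32", re.compile(r"\\windows\\system32\\%APPDATA%", re.I)),
]

FORGED_RE = re.compile(
    r"Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})",
    re.I,
)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a rule (first matching rule wins)."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, name, rx in RULES:
            if rx.search(line):
                findings.append(Finding(severity, name, line))
                break
    return findings


def forged_files(log_text: str) -> list[dict]:
    """Extract path and both MD5s from TDSSKiller 'Suspicious file (Forged)' lines.

    A differing real/fake MD5 means the bytes on disk and the bytes the rootkit serves
    to file reads are not the same, i.e. the driver is being hidden behind a clean copy.
    """
    out = []
    for line in log_text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            real, fake = m["real"].lower(), m["fake"].lower()
            out.append({"path": m["path"], "real_md5": real, "fake_md5": fake,
                        "mismatch": real != fake})
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 3} for SAMPLE_LOG."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.rule:24} {f.line}")
    print(summarize(found))
    for entry in forged_files(SAMPLE_LOG):
        print("forged:", entry)
```

Paste a full DDS or TDSSKiller log in place of SAMPLE_LOG to get the same triage over real output; the rule list is meant to be extended as new indicator patterns show up in a thread.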
 
TDSS Killer Log

10:59:56.0911 5228 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:59:57.0254 5228 ============================================================
10:59:57.0254 5228 Current date / time: 2012/02/23 10:59:57.0254
10:59:57.0254 5228 SystemInfo:
10:59:57.0254 5228
10:59:57.0255 5228 OS Version: 6.1.7601 ServicePack: 1.0
10:59:57.0255 5228 Product type: Workstation
10:59:57.0255 5228 ComputerName: STEPHANIE-PC
10:59:57.0255 5228 UserName: Stephanie
10:59:57.0255 5228 Windows directory: C:\Windows
10:59:57.0255 5228 System windows directory: C:\Windows
10:59:57.0255 5228 Processor architecture: Intel x86
10:59:57.0255 5228 Number of processors: 2
10:59:57.0255 5228 Page size: 0x1000
10:59:57.0256 5228 Boot type: Normal boot
10:59:57.0256 5228 ============================================================
10:59:57.0740 5228 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:59:57.0745 5228 \Device\Harddisk0\DR0:
10:59:57.0746 5228 MBR used
10:59:57.0746 5228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1400000
10:59:57.0746 5228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1423800, BlocksNum 0x1B8A17F8
10:59:57.0853 5228 Initialize success
10:59:57.0853 5228 ============================================================
11:03:21.0488 1224 ============================================================
11:03:21.0488 1224 Scan started
11:03:21.0488 1224 Mode: Manual;
11:03:21.0488 1224 ============================================================
11:03:22.0134 1224 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:03:22.0141 1224 1394ohci - ok
11:03:22.0232 1224 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:03:22.0239 1224 ACPI - ok
11:03:22.0291 1224 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:03:22.0295 1224 AcpiPmi - ok
11:03:22.0376 1224 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:03:22.0395 1224 adp94xx - ok
11:03:22.0439 1224 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:03:22.0448 1224 adpahci - ok
11:03:22.0485 1224 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:03:22.0490 1224 adpu320 - ok
11:03:22.0576 1224 AFD (38e947c26cd0f8fa9acee13474e38cd8) C:\Windows\system32\drivers\afd.sys
11:03:22.0581 1224 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 38e947c26cd0f8fa9acee13474e38cd8, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806
11:03:22.0584 1224 AFD ( Virus.Win32.ZAccess.k ) - infected
11:03:22.0585 1224 AFD - detected Virus.Win32.ZAccess.k (0)
11:03:38.0587 1224 WacomPen - ok
11:03:38.0643 1224 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:03:38.0647 1224 WANARP - ok
11:03:38.0656 1224 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:03:38.0657 1224 Wanarpv6 - ok
11:03:38.0716 1224 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:03:38.0718 1224 Wd - ok
11:03:38.0759 1224 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:03:38.0766 1224 Wdf01000 - ok
11:03:38.0816 1224 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:03:38.0818 1224 WfpLwf - ok
11:03:38.0843 1224 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:03:38.0844 1224 WIMMount - ok
11:03:38.0911 1224 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:03:38.0942 1224 winachsf - ok
11:03:39.0026 1224 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:03:39.0029 1224 WinUsb - ok
11:03:39.0111 1224 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:03:39.0114 1224 WmiAcpi - ok
11:03:39.0201 1224 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:03:39.0203 1224 ws2ifsl - ok
11:03:39.0264 1224 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:03:39.0269 1224 WudfPf - ok
11:03:39.0339 1224 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:03:39.0345 1224 WUDFRd - ok
11:03:39.0401 1224 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
11:03:39.0404 1224 XAudio - ok
11:03:39.0488 1224 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
11:03:39.0496 1224 yukonw7 - ok
11:03:39.0538 1224 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
11:03:39.0568 1224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:03:39.0568 1224 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:03:39.0604 1224 Boot (0x1200) (b2ea4e3a8e215f088a15855581d71a06) \Device\Harddisk0\DR0\Partition0
11:03:39.0606 1224 \Device\Harddisk0\DR0\Partition0 - ok
11:03:39.0620 1224 Boot (0x1200) (c7d782cb5bffc28be71cffcea6349cc7) \Device\Harddisk0\DR0\Partition1
11:03:39.0622 1224 \Device\Harddisk0\DR0\Partition1 - ok
11:03:39.0623 1224 ============================================================
11:03:39.0623 1224 Scan finished
11:03:39.0623 1224 ============================================================
11:03:39.0639 5064 Detected object count: 2
11:03:39.0639 5064 Actual detected object count: 2
11:28:19.0153 5064 C:\Windows\system32\drivers\afd.sys - copied to quarantine
11:28:22.0354 5064 Backup copy found, using it..
11:28:22.0403 5064 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
11:28:25.0801 5064 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
11:28:25.0914 5064 \Device\Harddisk0\DR0\# - copied to quarantine
11:28:25.0916 5064 \Device\Harddisk0\DR0 - copied to quarantine
11:28:25.0984 5064 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:28:25.0987 5064 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:28:26.0011 5064 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:28:26.0014 5064 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:28:26.0018 5064 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:28:26.0025 5064 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:28:26.0052 5064 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:28:26.0100 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:28:26.0101 5064 \Device\Harddisk0\DR0 - ok
11:28:26.0159 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:29:33.0900 5440 Deinitialize success
 
Should I continue to "move to vault" AVG threat detections?

Like I said in my intro post, I'm constantly getting AVG Threat pop-ups asking if I want to move the file to the vault or "allow" it.
I'm assuming allowing it would not be a good idea, but just want to make sure I'm not messing anything up for you guys.

Should I continue to "move to vault" whenever a threat is detected?
 
Should I continue to "move to vault" whenever a threat is detected?
Yes.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
A small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log, it's also located on your desktop as "scan.txt".
 
aswMBR log

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 13:33:16
-----------------------------
13:33:16.956 OS Version: Windows 6.1.7601 Service Pack 1
13:33:16.956 Number of processors: 2 586 0x1706
13:33:16.958 ComputerName: STEPHANIE-PC UserName: Stephanie
13:33:18.182 Initialize success
13:35:11.759 AVAST engine defs: 12022301
13:35:59.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:35:59.431 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
13:35:59.471 Disk 0 MBR read successfully
13:35:59.480 Disk 0 MBR scan
13:35:59.493 Disk 0 Windows 7 default MBR code
13:35:59.499 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
13:35:59.514 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 145408
13:35:59.530 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225602 MB offset 21116928
13:35:59.537 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
13:35:59.568 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
13:35:59.578 Disk 0 scanning sectors +488394752
13:35:59.658 Disk 0 scanning C:\Windows\system32\drivers
13:36:13.389 Service scanning
13:36:46.265 Modules scanning
13:36:56.225 Disk 0 trace - called modules:
13:36:56.256 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
13:36:56.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87062030]
13:36:56.503 3 CLASSPNP.SYS[8cd8e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86232028]
13:36:58.375 AVAST engine scan C:\Windows
13:37:01.129 AVAST engine scan C:\Windows\system32
13:40:18.505 AVAST engine scan C:\Windows\system32\drivers
13:40:40.509 AVAST engine scan C:\Users\Stephanie
13:41:56.029 Disk 0 MBR has been saved successfully to "C:\Users\Stephanie\Desktop\MBR.dat"
13:41:56.030 The log file has been saved successfully to "C:\Users\Stephanie\Desktop\aswMBR log.txt"
 
BTKR log

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`84700000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;



Press any key to quit...
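The aswMBR partition listing and the Bootkit Remover offset above can be cross-checked mechanically. The following Python script is an added example (not part of either tool or of any post in this thread): it parses the lines quoted from the two logs, verifies that the data partitions do not overlap, computes the unallocated space after the last partition (the sector where aswMBR began its raw scan, and the region where the TDL4 family reported by TDSSKiller as Rootkit.Boot.Pihar.b keeps its TDLFS hidden file system), and checks that the C: offset printed by Bootkit Remover equals the active partition's byte offset.

```python
import re

SECTOR = 512
MB_SECTORS = (1024 * 1024) // SECTOR  # aswMBR prints sizes in whole MiB

# Constructed sample input: the relevant lines copied from the aswMBR and
# Bootkit Remover logs posted in this thread (added example, not tool code).
ASWMBR_LOG = """\
13:35:59.431 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
13:35:59.493 Disk 0 Windows 7 default MBR code
13:35:59.499 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
13:35:59.514 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 145408
13:35:59.530 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225602 MB offset 21116928
13:35:59.537 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
13:35:59.568 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
13:35:59.578 Disk 0 scanning sectors +488394752
"""
BTKR_LINE = r"\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`84700000"

SIZE_RE = re.compile(r"Disk \d+ Vendor: .* Size: (\d+)MB")
PART_RE = re.compile(
    r"Disk \d+ Partition (\S+) ([0-9A-Fa-f]{2}) (\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$"
)
SCAN_RE = re.compile(r"scanning sectors \+(\d+)")
BTKR_RE = re.compile(r"at offset 0x([0-9A-Fa-f`]+)")

# MBR type codes for extended-partition containers; they enclose logical
# partitions, so they are excluded from the overlap/tail arithmetic.
EXTENDED_TYPES = {"05", "0F"}


def parse_aswmbr(text):
    """Return disk size (sectors), partition entries and the raw-scan start."""
    info = {"disk_sectors": None, "partitions": [], "scan_start": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SIZE_RE.search(line):
            info["disk_sectors"] = int(m.group(1)) * MB_SECTORS
        elif m := PART_RE.search(line):
            num, boot, active, ptype, label, size_mb, offset = m.groups()
            info["partitions"].append({
                "number": num,
                "active": active is not None or boot.upper() == "80",
                "type": ptype.upper(),
                "label": label,
                "start": int(offset),               # LBA sector
                "sectors": int(size_mb) * MB_SECTORS,
            })
        elif m := SCAN_RE.search(line):
            info["scan_start"] = int(m.group(1))
    return info


def parse_btkr_offset(line):
    """Bootkit Remover prints the system volume offset as 0xHHHHHHHH`HHHHHHHH."""
    m = BTKR_RE.search(line)
    return int(m.group(1).replace("`", ""), 16) if m else None


def check_layout(info):
    """Cross-check the table: overlaps, unallocated tail, and aswMBR scan start."""
    data = sorted(
        (p for p in info["partitions"] if p["type"] not in EXTENDED_TYPES),
        key=lambda p: p["start"],
    )
    findings = {"overlaps": [], "last_end": None,
                "tail_sectors": None, "tail_matches_scan": None}
    for a, b in zip(data, data[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings["overlaps"].append((a["number"], b["number"]))
    last_end = max(p["start"] + p["sectors"] for p in data)
    findings["last_end"] = last_end
    # Space past the last partition is where a TDL4-style hidden FS is kept.
    findings["tail_sectors"] = info["disk_sectors"] - last_end
    if info["scan_start"] is not None:
        findings["tail_matches_scan"] = info["scan_start"] == last_end
    return findings


def system_volume_offset(info):
    """Byte offset of the active (boot) partition, the value BTKR reports for C:."""
    for p in info["partitions"]:
        if p["active"]:
            return p["start"] * SECTOR
    return None


if __name__ == "__main__":
    info = parse_aswmbr(ASWMBR_LOG)
    f = check_layout(info)
    print(f"overlapping partitions: {f['overlaps'] or 'none'}")
    print(f"unallocated tail: {f['tail_sectors']} sectors "
          f"({f['tail_sectors'] // MB_SECTORS} MB)")
    print("tail starts where aswMBR began scanning:", f["tail_matches_scan"])
    print("C: offset matches Bootkit Remover:",
          system_volume_offset(info) == parse_btkr_offset(BTKR_LINE))
```

On these logs the two tools agree: the active NTFS partition sits at byte offset 0x284700000, and a 1 MB unpartitioned tail follows the last partition, exactly where aswMBR started its sector scan.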
 
That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Question

I disabled protection on AVG, but I opened ComboFix and it said AVG antivirus and antispyware real time scanners were active. I uninstalled my AVG (free edition 2012), restarted the computer, opened ComboFix, and it gives the same message. I'm not sure how it's still coming up as active if it's uninstalled?

I believe I correctly disabled protection for SpywareBlaster, Spybot Search & Destroy, and Malwarebytes Anti-Malware.

Should I click OK on ComboFix and continue?
 
ComboFix log

ComboFix 12-02-22.01 - Stephanie 02/23/2012 15:09:45.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2649 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\261C\D74E.tmp
c:\programdata\ntuser.dat
c:\users\Stephanie\Documents\~WRL0005.tmp
c:\users\Stephanie\Documents\~WRL2125.tmp
c:\users\Stephanie\Documents\~WRL2626.tmp
c:\windows\$NtUninstallKB8542$
c:\windows\$NtUninstallKB8542$\1794493320
c:\windows\$NtUninstallKB8542$\3903310329\@
c:\windows\$NtUninstallKB8542$\3903310329\cfg.ini
c:\windows\$NtUninstallKB8542$\3903310329\Desktop.ini
c:\windows\$NtUninstallKB8542$\3903310329\L\wxdbpmqa
c:\windows\$NtUninstallKB8542$\3903310329\oemid
c:\windows\$NtUninstallKB8542$\3903310329\U\00000001.@
c:\windows\$NtUninstallKB8542$\3903310329\U\00000002.@
c:\windows\$NtUninstallKB8542$\3903310329\U\00000004.@
c:\windows\$NtUninstallKB8542$\3903310329\U\80000000.@
c:\windows\$NtUninstallKB8542$\3903310329\U\80000004.@
c:\windows\$NtUninstallKB8542$\3903310329\U\80000032.@
c:\windows\$NtUninstallKB8542$\3903310329\version
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 16:28 . 2012-02-23 16:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-22 21:32 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-02-22 21:32 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-02-22 21:32 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-02-22 21:32 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-02-22 21:32 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-02-22 19:28 . 2012-02-22 23:58 -------- d--h--w- c:\users\Stephanie\AppData\Roaming\A7BF3979
2012-02-22 16:48 . 2012-02-22 16:49 -------- d-----w- c:\users\Stephanie\AppData\Roaming\AVG
2012-02-16 16:53 . 2012-02-16 16:53 139776 ----a-w- c:\programdata\Microsoft\Windows\DRM\14C8.tmp
2012-02-16 06:54 . 2012-02-16 06:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-16 02:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 02:42 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:42 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-13 16:05 . 2012-02-13 16:05 -------- d-----w- c:\program files\iPod
2012-02-12 21:38 . 2012-02-23 15:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-26 17:06 . 2012-01-26 17:06 -------- d-----w- c:\users\Stephanie\AppData\Roaming\DiskAid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:30 . 2011-06-15 22:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-12 21:38 . 2011-05-29 13:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 23:05 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 20:24 . 2010-09-07 22:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 05:01 . 2011-05-06 00:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-27 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-27 05:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
2009-09-19 11:04 562944 ----a-w- c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C88D.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1343400]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-09-19 45312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdix
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
cvsnt
padfsvr
SANDRA
TNaviSrv
SE27mdm
i81x
wanatw
IJPLMSVC
RMSvc
botcbs
ONSIO
nlsvc
DXEC02
b57w2k
se2Cunic
eeyeevnt
citrixxteserver
lpx
SE2Dobex
dlcg_device
wstcodec
gdihook5
lvtuner
webdriveservice
atikmdag
MSSQL$MSSMLBIZ
cachemgr
automate6
s716bus
yukonwxp
nmservice
toside
agnwifi
qconsvc
nsm1mdm
tifmsony
sweepsrv.sys
MagicTune
nsm1serd
RIOXDRV
NICM
oracleorahometnslistener
sisperf
emproxy
mqdmserd
tmesrv3
teefer
nipxirmu
emclisrv
lxcf_device
tosrfusb
apache2
se45mdm
wanusb
lxcz_device
client32
ICM10USB
elnkfwppservice
FlexBios
https-nassry
s116obex
ntcharge
plsremotesvc
vtserver
ivscheduler
CTERFXFX.DLL
jtagserver
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58444
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-62809401.sys
MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
MSConfigStartUp-Lexmark X6100 Series - c:\program files\Lexmark X6100 Series\lxbfbmgr.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C88D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-02-23 15:36:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-23 20:36
.
Pre-Run: 162,512,269,312 bytes free
Post-Run: 165,742,620,672 bytes free
.
- - End Of File - - 0BBE7467160F7D9B8BA0E5249BB5A27A
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\programdata\Microsoft\Windows\DRM\14C8.tmp
c:\windows\system32\dds_trash_log.cmd


Folder::
c:\users\Stephanie\AppData\Roaming\A7BF3979

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix log 2

ComboFix 12-02-22.01 - Stephanie 02/23/2012 17:17:00.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2412 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\14C8.tmp"
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\14C8.tmp
c:\users\Stephanie\AppData\Roaming\A7BF3979
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 22:21 . 2012-02-23 22:21 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
2012-02-23 22:21 . 2012-02-23 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-23 16:28 . 2012-02-23 16:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-22 21:32 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-02-22 21:32 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-02-22 21:32 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-02-22 21:32 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-02-22 21:32 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-02-22 16:48 . 2012-02-22 16:49 -------- d-----w- c:\users\Stephanie\AppData\Roaming\AVG
2012-02-16 06:54 . 2012-02-16 06:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-16 02:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 02:42 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:42 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-13 16:05 . 2012-02-13 16:05 -------- d-----w- c:\program files\iPod
2012-01-26 17:06 . 2012-01-26 17:06 -------- d-----w- c:\users\Stephanie\AppData\Roaming\DiskAid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:30 . 2011-06-15 22:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-12 21:38 . 2011-05-29 13:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 23:05 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 20:24 . 2010-09-07 22:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 05:01 . 2011-05-06 00:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-27 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-27 05:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
2009-09-19 11:04 562944 ----a-w- c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C88D.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1343400]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-09-19 45312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdix
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
cvsnt
padfsvr
SANDRA
TNaviSrv
SE27mdm
i81x
wanatw
IJPLMSVC
RMSvc
botcbs
ONSIO
nlsvc
DXEC02
b57w2k
se2Cunic
eeyeevnt
citrixxteserver
lpx
SE2Dobex
dlcg_device
wstcodec
gdihook5
lvtuner
webdriveservice
atikmdag
MSSQL$MSSMLBIZ
cachemgr
automate6
s716bus
yukonwxp
nmservice
toside
agnwifi
qconsvc
nsm1mdm
tifmsony
sweepsrv.sys
MagicTune
nsm1serd
RIOXDRV
NICM
oracleorahometnslistener
sisperf
emproxy
mqdmserd
tmesrv3
teefer
nipxirmu
emclisrv
lxcf_device
tosrfusb
apache2
se45mdm
wanusb
lxcz_device
client32
ICM10USB
elnkfwppservice
FlexBios
https-nassry
s116obex
ntcharge
plsremotesvc
vtserver
ivscheduler
CTERFXFX.DLL
jtagserver
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58444
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C88D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-23 17:23:24
ComboFix-quarantined-files.txt 2012-02-23 22:23
ComboFix2.txt 2012-02-23 20:36
.
Pre-Run: 165,115,736,064 bytes free
Post-Run: 165,046,038,528 bytes free
.
- - End Of File - - E29E39435F4ABFA1534A300E9A502AF0
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log (part 1)

OTL logfile created on: 2/23/2012 8:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Stephanie\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.15% Memory free
6.98 Gb Paging File | 5.96 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 153.51 Gb Free Space | 69.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.05% Space Free | Partition Type: NTFS

Computer Name: STEPHANIE-PC | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 20:09:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/19 06:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/27 00:29:11 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 09:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/08/29 12:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (yukonwxp)
SRV - File not found [Auto | Stopped] -- -- (wstcodec)
SRV - File not found [Auto | Stopped] -- -- (webdriveservice)
SRV - File not found [Auto | Stopped] -- -- (wanusb)
SRV - File not found [Auto | Stopped] -- -- (wanatw)
SRV - File not found [Auto | Stopped] -- -- (vtserver)
SRV - File not found [Auto | Stopped] -- -- (tosrfusb)
SRV - File not found [Auto | Stopped] -- -- (toside)
SRV - File not found [Auto | Stopped] -- -- (TNaviSrv)
SRV - File not found [Auto | Stopped] -- -- (tmesrv3)
SRV - File not found [Auto | Stopped] -- -- (tifmsony)
SRV - File not found [Auto | Stopped] -- -- (teefer)
SRV - File not found [Auto | Stopped] -- -- (sweepsrv.sys)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Auto | Stopped] -- -- (sisperf)
SRV - File not found [Auto | Stopped] -- -- (se45mdm)
SRV - File not found [Auto | Stopped] -- -- (SE2Dobex)
SRV - File not found [Auto | Stopped] -- -- (se2Cunic)
SRV - File not found [Auto | Stopped] -- -- (SE27mdm)
SRV - File not found [Auto | Stopped] -- -- (SANDRA)
SRV - File not found [Auto | Stopped] -- -- (s716bus)
SRV - File not found [Auto | Stopped] -- -- (s116obex)
SRV - File not found [Auto | Stopped] -- -- (RMSvc)
SRV - File not found [Auto | Stopped] -- -- (RIOXDRV)
SRV - File not found [Auto | Stopped] -- -- (qconsvc)
SRV - File not found [Auto | Stopped] -- -- (plsremotesvc)
SRV - File not found [Auto | Stopped] -- -- (padfsvr)
SRV - File not found [Auto | Stopped] -- -- (oracleorahometnslistener)
SRV - File not found [Auto | Stopped] -- -- (ONSIO)
SRV - File not found [Auto | Stopped] -- -- (ntcharge)
SRV - File not found [Auto | Stopped] -- -- (nsm1serd)
SRV - File not found [Auto | Stopped] -- -- (nsm1mdm)
SRV - File not found [Auto | Stopped] -- -- (nmservice)
SRV - File not found [Auto | Stopped] -- -- (nlsvc)
SRV - File not found [Auto | Stopped] -- -- (nipxirmu)
SRV - File not found [Auto | Stopped] -- -- (NICM)
SRV - File not found [Auto | Stopped] -- -- (MSSQL$MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- -- (mqdmserd)
SRV - File not found [Auto | Stopped] -- -- (MagicTune)
SRV - File not found [Auto | Stopped] -- -- (lxcz_device)
SRV - File not found [Auto | Stopped] -- -- (lxcf_device)
SRV - File not found [Auto | Stopped] -- -- (lvtuner)
SRV - File not found [Auto | Stopped] -- -- (lpx)
SRV - File not found [Auto | Stopped] -- -- (jtagserver)
SRV - File not found [Auto | Stopped] -- -- (ivscheduler)
SRV - File not found [Auto | Stopped] -- -- (IJPLMSVC)
SRV - File not found [Auto | Stopped] -- -- (ICM10USB)
SRV - File not found [Auto | Stopped] -- -- (i81x)
SRV - File not found [Auto | Stopped] -- -- (https-nassry)
SRV - File not found [Auto | Stopped] -- -- (gdihook5)
SRV - File not found [Auto | Stopped] -- -- (FlexBios)
SRV - File not found [Auto | Stopped] -- -- (emproxy)
SRV - File not found [Auto | Stopped] -- -- (emclisrv)
SRV - File not found [Auto | Stopped] -- -- (elnkfwppservice)
SRV - File not found [Auto | Stopped] -- -- (eeyeevnt)
SRV - File not found [Auto | Stopped] -- -- (DXEC02)
SRV - File not found [Auto | Stopped] -- -- (dlcg_device)
SRV - File not found [Auto | Stopped] -- -- (cvsnt)
SRV - File not found [Auto | Stopped] -- -- (CTERFXFX.DLL)
SRV - File not found [Auto | Stopped] -- -- (client32)
SRV - File not found [Auto | Stopped] -- -- (citrixxteserver)
SRV - File not found [Auto | Stopped] -- -- (cachemgr)
SRV - File not found [Auto | Stopped] -- -- (botcbs)
SRV - File not found [Auto | Stopped] -- -- (b57w2k)
SRV - File not found [Auto | Stopped] -- -- (automate6)
SRV - File not found [Auto | Stopped] -- -- (atikmdag)
SRV - File not found [Auto | Stopped] -- -- (apache2)
SRV - File not found [Auto | Stopped] -- -- (agnwifi)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/04 20:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/20 14:52:36 | 000,072,704 | ---- | M] (WoltersKluwerLWW) [On_Demand | Stopped] -- C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe -- (LWWLicenseService)
SRV - [2009/09/19 06:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 00:50:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/07/27 00:29:11 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007/09/07 09:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 12:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/10/15 00:28:44 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2009/10/15 00:28:44 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2009/10/15 00:28:44 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/07 09:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192



IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Stephanie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 00:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 11:29:27 | 000,000,000 | ---D | M]

[2009/10/26 22:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Extensions
[2009/07/30 19:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011/08/16 21:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions
[2010/04/27 20:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/26 22:18:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions\moveplayer@movenetworks.com
[2009/10/26 22:18:27 | 000,000,000 | ---D | M] (Tegrity Plugin) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions\tegplug@tegrity.com
[2009/10/27 09:51:12 | 000,004,554 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\searchplugins\aim-search.xml
[2011/09/26 18:50:58 | 000,001,595 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\searchplugins\amazondotcom.xml
[2009/04/14 13:50:18 | 000,001,595 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\searchplugins\ebay.xml
[2011/11/10 09:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/04 19:25:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/16 19:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/02/18 00:01:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2008/11/27 12:20:11 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/05/05 19:19:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:52:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/23 17:21:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-513177211-2312190473-767099015-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-513177211-2312190473-767099015-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: cvsnt - File not found
NetSvcs: padfsvr - File not found
NetSvcs: SANDRA - File not found
NetSvcs: TNaviSrv - File not found
NetSvcs: SE27mdm - File not found
NetSvcs: i81x - File not found
NetSvcs: wanatw - File not found
NetSvcs: IJPLMSVC - File not found
NetSvcs: RMSvc - File not found
NetSvcs: botcbs - File not found
NetSvcs: ONSIO - File not found
NetSvcs: nlsvc - File not found
NetSvcs: DXEC02 - File not found
NetSvcs: b57w2k - File not found
NetSvcs: se2Cunic - File not found
NetSvcs: eeyeevnt - File not found
NetSvcs: citrixxteserver - File not found
NetSvcs: lpx - File not found
NetSvcs: SE2Dobex - File not found
NetSvcs: dlcg_device - File not found
NetSvcs: wstcodec - File not found
NetSvcs: gdihook5 - File not found
NetSvcs: lvtuner - File not found
NetSvcs: webdriveservice - File not found
NetSvcs: atikmdag - File not found
NetSvcs: MSSQL$MSSMLBIZ - File not found
NetSvcs: cachemgr - File not found
NetSvcs: automate6 - File not found
NetSvcs: s716bus - File not found
NetSvcs: yukonwxp - File not found
NetSvcs: nmservice - File not found
NetSvcs: toside - File not found
NetSvcs: agnwifi - File not found
NetSvcs: qconsvc - File not found
NetSvcs: nsm1mdm - File not found
NetSvcs: tifmsony - File not found
NetSvcs: sweepsrv.sys - File not found
NetSvcs: MagicTune - File not found
NetSvcs: nsm1serd - File not found
NetSvcs: RIOXDRV - File not found
NetSvcs: NICM - File not found
NetSvcs: oracleorahometnslistener - File not found
NetSvcs: sisperf - File not found
NetSvcs: emproxy - File not found
NetSvcs: mqdmserd - File not found
NetSvcs: tmesrv3 - File not found
NetSvcs: teefer - File not found
NetSvcs: nipxirmu - File not found
NetSvcs: emclisrv - File not found
NetSvcs: lxcf_device - File not found
NetSvcs: tosrfusb - File not found
NetSvcs: apache2 - File not found
NetSvcs: se45mdm - File not found
NetSvcs: wanusb - File not found
NetSvcs: lxcz_device - File not found
NetSvcs: client32 - File not found
NetSvcs: ICM10USB - File not found
NetSvcs: elnkfwppservice - File not found
NetSvcs: FlexBios - File not found
NetSvcs: https-nassry - File not found
NetSvcs: s116obex - File not found
NetSvcs: ntcharge - File not found
NetSvcs: plsremotesvc - File not found
NetSvcs: vtserver - File not found
NetSvcs: ivscheduler - File not found
NetSvcs: CTERFXFX.DLL - File not found
NetSvcs: jtagserver - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 20:09:10 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
[2012/02/23 17:23:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/23 17:23:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/23 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\temp
[2012/02/23 15:02:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/23 15:02:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/23 15:02:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/23 14:16:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/23 14:11:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/23 13:56:58 | 004,417,295 | R--- | C] (Swearware) -- C:\Users\Stephanie\Desktop\ComboFix.exe
[2012/02/23 13:31:07 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Stephanie\Desktop\aswMBR.exe
[2012/02/23 12:11:40 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{567BB608-E1DC-4272-9DD0-6066FC42988B}
[2012/02/23 12:11:19 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{0AE2DBB3-2C92-4FF1-836A-886A380C5CF0}
[2012/02/23 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{A4A86364-B68F-4BC2-9D2E-B16A30EA8D9E}
[2012/02/23 11:28:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/22 16:32:29 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\Simply Super Software
[2012/02/22 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\AVG
[2012/02/16 01:54:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/02/15 19:34:16 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stephanie\Desktop\TDSSKiller.exe
[2012/02/13 11:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/13 11:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/06 16:04:42 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Myth PPs
[2012/01/26 14:28:14 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Oral Medicine
[2012/01/26 12:06:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\DiskAid
[2012/01/26 11:53:13 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Music - iPod
[1 C:\Users\Stephanie\Desktop\*.tmp files -> C:\Users\Stephanie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/23 20:09:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
[2012/02/23 20:00:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/23 17:21:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/23 15:28:18 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 15:28:18 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 15:19:27 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 13:57:02 | 004,417,295 | R--- | M] (Swearware) -- C:\Users\Stephanie\Desktop\ComboFix.exe
[2012/02/23 13:43:20 | 000,568,832 | ---- | M] () -- C:\Users\Stephanie\Desktop\BTKR_RunBox.exe
[2012/02/23 13:41:56 | 000,000,512 | ---- | M] () -- C:\Users\Stephanie\Desktop\MBR.dat
[2012/02/23 13:32:03 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Stephanie\Desktop\aswMBR.exe
[2012/02/23 10:48:53 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stephanie\Desktop\TDSSKiller.exe
[2012/02/23 10:47:45 | 002,041,519 | ---- | M] () -- C:\Users\Stephanie\Desktop\tdsskiller.zip
[2012/02/22 19:06:51 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/22 19:06:51 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/22 10:29:06 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 11:10:49 | 000,409,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/24 23:45:13 | 000,001,208 | ---- | M] () -- C:\Users\Stephanie\Desktop\Spybot - Search & Destroy.lnk
[1 C:\Users\Stephanie\Desktop\*.tmp files -> C:\Users\Stephanie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 15:02:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/23 15:02:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/23 15:02:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/23 15:02:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/23 15:02:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/23 13:43:19 | 000,568,832 | ---- | C] () -- C:\Users\Stephanie\Desktop\BTKR_RunBox.exe
[2012/02/23 13:41:56 | 000,000,512 | ---- | C] () -- C:\Users\Stephanie\Desktop\MBR.dat
[2012/02/23 10:47:37 | 002,041,519 | ---- | C] () -- C:\Users\Stephanie\Desktop\tdsskiller.zip
[2012/02/22 16:32:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012/02/22 16:32:28 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2012/02/22 16:32:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012/02/22 16:32:28 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012/02/22 10:29:06 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
[2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
[2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736
[2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736
[2011/11/23 15:45:58 | 000,004,608 | ---- | C] () -- C:\Users\Stephanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 10:17:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/29 10:15:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/28 17:04:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/11/28 17:04:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

========== LOP Check ==========

[2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\56959
[2009/10/26 22:17:44 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\acccore
[2012/02/22 11:49:05 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\AVG
[2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\C2656
[2012/01/26 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\DiskAid
[2011/09/28 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\DriverFinder
[2010/06/18 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Facebook
[2009/10/26 22:17:47 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\goombah
[2010/10/25 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\ooVoo Details
[2010/12/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\PCDr
[2010/02/02 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Research In Motion
[2009/10/26 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Ruckus Network
[2010/11/28 17:22:12 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Samsung
[2011/06/27 19:19:28 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\SecondLife
[2008/09/17 16:47:14 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\tmp
[2009/10/26 22:18:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\TomTom
[2010/03/14 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Uniblue
[2012/01/20 13:43:42 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Video Converter Pro
[2012/01/24 20:37:34 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/10/27 01:47:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/23 17:23:24 | 000,012,855 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/27 03:13:01 | 000,005,282 | RH-- | M] () -- C:\dell.sdr
[2012/02/23 15:19:27 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/16 13:34:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/20 20:12:47 | 000,001,912 | -H-- | M] () -- C:\IPH.PH
[2009/01/16 13:34:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/23 15:19:33 | 3747,655,680 | -HS- | M] () -- C:\pagefile.sys
[2008/07/27 00:55:42 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2012/02/23 11:29:33 | 000,087,152 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_23.02.2012_10.59.56_log.txt
[2010/02/22 14:56:56 | 000,000,347 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\1_CNBPP3.DLL
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\2_CNBPP3.DLL
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\3_CNBPP3.DLL
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\4_CNBPP3.DLL
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\5_CNBPP3.DLL
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\6_CNBPP3.DLL
[2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
[2009/03/17 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
[2009/03/17 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
[2009/07/13 20:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2009/07/13 20:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2003/07/21 09:13:34 | 000,078,336 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\LXBFPP5C.DLL
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/11/20 07:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/07/17 16:01:00 | 000,225,280 | ---- | M] (TODO: <Company name>) -- C:\Users\Stephanie\AppData\Roaming\Microsoft\AdjMmsVista.dll

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/30 17:08:31 | 000,000,286 | -HS- | M] () -- C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/04/16 15:08:23 | 000,000,221 | -HS- | M] () -- C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/23 13:32:03 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Stephanie\Desktop\aswMBR.exe
[2012/02/23 13:43:20 | 000,568,832 | ---- | M] () -- C:\Users\Stephanie\Desktop\BTKR_RunBox.exe
[2012/02/23 13:57:02 | 004,417,295 | R--- | M] (Swearware) -- C:\Users\Stephanie\Desktop\ComboFix.exe
[2012/02/23 20:09:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
[2012/02/23 10:48:53 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stephanie\Desktop\TDSSKiller.exe
[1 C:\Users\Stephanie\Desktop\*.tmp files -> C:\Users\Stephanie\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/05/29 10:53:53 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/05/29 10:53:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/05/29 10:53:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/05/29 10:53:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/05/29 10:53:52 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/05/29 10:53:53 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 11:11:28 | 000,000,402 | -HS- | M] () -- C:\Users\Stephanie\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >
 
OTL log (part 2)

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/30 12:23:46 | 000,001,400 | -HS- | M] () -- C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736
[2011/12/30 18:15:27 | 000,001,420 | -HS- | M] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
[2011/02/04 13:20:46 | 000,012,429 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2007/08/13 04:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 
Extras log

OTL Extras logfile created on: 2/23/2012 8:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Stephanie\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.15% Memory free
6.98 Gb Paging File | 5.96 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 153.51 Gb Free Space | 69.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.05% Space Free | Partition Type: NTFS

Computer Name: STEPHANIE-PC | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel(R) PROSet/Wireless Software
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2012 9:33:31 PM | Computer Name = Stephanie-PC | Source = Windows Backup | ID = 4104
Description =

Error - 2/22/2012 11:46:22 PM | Computer Name = Stephanie-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 10.0.2.4428 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1384 Start
Time: 01ccf1d1cdbcf0b2 Termination Time: 60000 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: c2c70656-5dd0-11e1-b0cf-001d095e1261

Error - 2/22/2012 11:56:03 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2012 11:11:21 AM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2012 12:31:17 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2012 2:11:53 PM | Computer Name = Stephanie-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 2/23/2012 2:13:55 PM | Computer Name = Stephanie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 2/23/2012 3:17:44 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2012 4:08:22 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2012 4:19:51 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 1/7/2010 12:25:01 AM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 11:25:00 PM - Error connecting to the internet. 11:25:00 PM - Unable
to contact server..

Error - 1/12/2010 1:57:55 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 12:57:55 PM - Error connecting to the internet. 12:57:55 PM - Unable
to contact server..

Error - 1/12/2010 1:58:04 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 12:58:00 PM - Error connecting to the internet. 12:58:00 PM - Unable
to contact server..

Error - 1/12/2010 2:58:11 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 1:58:11 PM - Error connecting to the internet. 1:58:11 PM - Unable
to contact server..

Error - 1/12/2010 2:58:19 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 1:58:16 PM - Error connecting to the internet. 1:58:16 PM - Unable
to contact server..

Error - 1/17/2010 8:36:46 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 7:36:45 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 2/2/2010 8:41:34 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 7:41:34 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 2/2/2010 8:42:11 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 7:41:59 PM - Failed to retrieve ClientUpdate (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 2/2/2010 8:42:33 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 7:42:23 PM - Failed to retrieve NetTV (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 2/15/2010 1:43:24 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
Description = 12:43:19 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 2/23/2012 6:23:33 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = PNRPSvc | ID = 102
Description =

Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = PNRPSvc | ID = 102
Description =

Error - 2/23/2012 9:00:50 PM | Computer Name = Stephanie-PC | Source = PNRPSvc | ID = 102
Description =

Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 2/23/2012 9:00:50 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 2/23/2012 9:00:50 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >
 
Answer to your question

Computer is running well, just a couple of minor problems stated below. Before I had uninstalled AVG, I hadn't been getting Threat Alert pop-ups anymore, so that's great. I don't believe I've been getting random pop-ups while on the internet and haven't gotten redirected through searches, so that's great too.

1) My touchpad scroll doesn't work anymore.
2) I used to be able to right click and left click at the same time to open links into a new tab and can't do that anymore.

Also some icons are missing in the cache, which I don't mind because I don't even remember what they were; I'm just saying in case it matters. The only one I remembered missing was Dell QuickSet, so when I change the volume I can see what level it's at. I put that back and it is working normally.


---Edit---
I shut down and turned on the comp, the scroll and click work now. The other icons are also back in the cache. Sorry, never mind!


Thank you for all your help so far :)
 
1) My touchpad scroll doesn't work anymore.
2) I used to be able to right click and left click at the same time to open links into a new tab and can't do that anymore.
That would be a subject for a different forum.
Possibly reinstalling the touchpad drivers will help.

You can reinstall AVG now.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192
    IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt 1
    [2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
    [2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736
    [2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736
    [2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\56959
    [2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\C2656
    [2010/03/14 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Uniblue
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warnings, so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
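The OTL fix list above targets three things worth recognising in any OTL log, not just this one: per-user Internet Settings that send IE/WinInet traffic through a proxy on 127.0.0.1 (a malware-run local proxy is the usual mechanism behind search redirects of the kind reported at the top of the thread), hidden+system files with random names and no extension under ProgramData/AppData, and alternate data streams hung off C:\ProgramData\TEMP. The script below is an added example for this thread, not part of OTL, AVG, or anything the helper posted. It parses OTL-format lines and flags those three indicator types; the "random name" and "all-hex folder" rules are my own heuristics, not OTL's. The sample input reuses the page's own fix-list lines plus two benign lines (the hpzinstall.log entry from the log above and a constructed corporate-proxy entry under a made-up SID) so the output shows what is not flagged.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code).

Buckets:
  proxy   - Internet Settings entries enabling a proxy or pointing one at
            the local machine (127.x, localhost, ::1)
  dropped - hidden+system files with no extension, or all-hex folder names,
            under ProgramData/AppData (heuristic, assumed not OTL's rule)
  ads     - alternate data streams OTL reported
"""
import re
from typing import Dict, List

# Line shapes exactly as OTL prints them.
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$')
FILE_RE = re.compile(
    r'^\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\]'
    r'(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')

HEX_DIR_RE = re.compile(r'^[0-9A-Fa-f]+$')            # heuristic: "56959", "C2656"
USER_DATA_RE = re.compile(r'\\(ProgramData|AppData)\\', re.I)


def is_loopback_proxy(value: str) -> bool:
    """True if any entry of a ProxyServer value points at this machine.

    WinInet accepts 'host:port' or 'http=host:port;https=host:port;...'.
    """
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[1] if "=" in entry else entry
        if target.startswith("["):                      # [ipv6]:port
            host = target[1:].partition("]")[0]
        else:                                           # host:port or bare ipv6
            host = target.rsplit(":", 1)[0] if target.count(":") == 1 else target
        host = host.lower()
        if host in ("localhost", "::1") or host.startswith("127."):
            return True
    return False


def looks_dropped(path: str, attrs: str) -> bool:
    """Heuristic for the randomly named leftovers seen in this thread."""
    if not USER_DATA_RE.search(path):
        return False
    name = path.rstrip("\\").rsplit("\\", 1)[-1]
    if attrs.endswith("D"):                             # OTL attribute order is RHSD
        return HEX_DIR_RE.fullmatch(name) is not None
    hidden_system = "H" in attrs and "S" in attrs
    return hidden_system and "." not in name            # hidden+system, no extension


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Classify OTL lines into the three indicator buckets."""
    found: Dict[str, List[str]] = {"proxy": [], "dropped": [], "ads": []}
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            name, value = m["name"], m["value"].strip()
            if name == "ProxyEnable" and value == "1":
                found["proxy"].append(f"{m['hive']}: proxy enabled")
            elif name == "ProxyServer" and is_loopback_proxy(value):
                found["proxy"].append(f"{m['hive']}: ProxyServer -> {value}")
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"].strip()
            if looks_dropped(path, m["attrs"]):
                found["dropped"].append(path)
            continue
        m = ADS_RE.match(line)
        if m:
            found["ads"].append(f"{m['path']} ({m['size']} bytes)")
    return found


# Sample input: fix-list lines from the thread, plus two benign lines
# (hpzinstall.log from the log above; the S-1-5-21-999 proxy line is constructed).
SAMPLE = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192
IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444
IE - HKU\S-1-5-21-999\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
[2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
[2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736
[2011/02/04 13:20:46 | 000,012,429 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\56959
[2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\C2656
[2010/03/14 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Uniblue
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
'''.strip().splitlines()

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"[{bucket}]")
        for item in items:
            print("   ", item)
```

To use it on a real log, replace SAMPLE with the lines of OTL.txt. A ProxyServer hit is only effective when ProxyEnable is 1 in the same hive, so treat the two together; a corporate proxy on a real host, like the constructed last proxy line, is not reported.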
 
OTL log

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Users\Stephanie\AppData\Local\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt 1 not found.
C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1 moved successfully.
C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736 moved successfully.
C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736 moved successfully.
C:\Users\Stephanie\AppData\Roaming\56959 folder moved successfully.
C:\Users\Stephanie\AppData\Roaming\C2656 folder moved successfully.
C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Stephanie\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stephanie
->Temp folder emptied: 406517043 bytes
->Temporary Internet Files folder emptied: 1032534097 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55977595 bytes
->Apple Safari cache emptied: 4176896 bytes
->Flash cache emptied: 4855 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124 bytes
RecycleBin emptied: 3632927 bytes

Total Files Cleaned = 1,433.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Stephanie
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Stephanie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02232012_234509

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
SecurityCheck log

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
Spybot - Search & Destroy
SpywareBlaster 4.2 Out of Date!
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
 