TechSpot

AVG threat detected: Trojan Horse Crypt.AQLW, Internet pops up sites on tab

By Steph19
Feb 22, 2012
  1. Hello everyone, this is my first post here. I removed a virus on a different computer a couple of years ago through cybertechhelp.com, but for some reason I can't access that website; I'm not sure if it's just generally not working, so I found you guys :)

    I get constant AVG Threat Detected alerts stating threat name "Trojan Horse Crypt.AQLW" and "win32/Sirefref.ER".
    All of them are "C:\windows\system32\(different letters each time).dll"
    Also got "C:\users\stephanie\appdata\roaming\KB00426009.exe"
    I move them to the vault and remove them each time, but new ones constantly pop up.

    While I'm on the internet, tabs pop up to different random sites without me clicking on anything. Google/Yahoo links redirect me to a different site (not the one I clicked).

    I'll start posting my logs after this post.

    Truly appreciate your help.
     
  2. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware Log

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.22.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Stephanie :: STEPHANIE-PC [administrator]

    2/22/2012 7:51:16 PM
    mbam-log-2012-02-22 (19-51-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 182628
    Time elapsed: 5 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-22 19:42:59
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
    Running: 2ml4rceb.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\kwdiruob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 3764

    ---- EOF - GMER 1.0.15 ----
     
  4. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Stephanie at 19:46:03 on 2012-02-22
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2281 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\System32\LEXPPS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080727
    uStart Page = hxxp://www.yahoo.com/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:58444
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}\038364850333033393838373 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}\36F6D636163747 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}\64249402355727675696C6C616E63656026516E602321323 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\stephanie\appdata\roaming\mozilla\firefox\profiles\svaf87ir.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\stephanie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-3-18 73728]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
    R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-27 111616]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 lpx;Epsonbidirectionalagent;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-24 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-28 36608]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-29 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-4 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-02-22 21:32:28 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2012-02-22 21:32:28 75264 ----a-w- c:\windows\system32\unacev2.dll
    2012-02-22 21:32:28 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2012-02-22 21:32:28 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2012-02-22 21:32:28 153088 ----a-w- c:\windows\system32\unrar3.dll
    2012-02-22 19:28:35 -------- d--h--w- c:\users\stephanie\appdata\roaming\A7BF3979
    2012-02-22 16:48:33 -------- d-----w- c:\users\stephanie\appdata\roaming\AVG
    2012-02-16 16:53:24 139776 ----a-w- c:\programdata\microsoft\windows\drm\14C8.tmp
    2012-02-16 06:54:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-02-16 02:42:35 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 02:42:33 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 02:42:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 02:42:30 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-13 16:05:06 -------- d-----w- c:\program files\iPod
    2012-02-12 21:38:44 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-01-26 17:06:24 -------- d-----w- c:\users\stephanie\appdata\roaming\DiskAid
    2012-01-24 23:15:57 -------- d-----w- c:\program files\LP
    2012-01-24 19:53:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-01-24 19:53:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2012-02-12 21:38:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 19:47:15.44 ===============
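    The following is an added example and is not part of the thread, nor code from the DDS, GMER or TDSSKiller tools. It is a small Python triage script that runs over a handful of constructed lines written in the style of the GMER and DDS logs posted above and flags the indicators a reviewer would pull out of them: the ProxyServer entry pointing at 127.0.0.1, the dRun entry launching from the system profile, the hidden directory literally named %APPDATA% under system32, the hidden hex-named folder under roaming AppData, the hidden PING.EXE process and the TDL4@MBR line from GMER. The rule names, severities and the sample lines are my own constructions.

```python
import re
from typing import Iterable

# A finding is (severity, rule name, the log line that triggered it).
Finding = tuple[str, str, str]

# Constructed sample lines in the style of the DDS "Pseudo HJT Report",
# DDS "Created Last 30" and GMER sections quoted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58444
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
2012-02-16 06:54:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-22 19:28:35 -------- d--h--w- c:\users\stephanie\appdata\roaming\A7BF3979
Process PING.EXE (*** hidden *** ) 3764
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
"""

# Browser proxy set to a loopback port: traffic is routed through a local process.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(?:127\.0\.0\.1|localhost):(\d+)", re.I)
# DDS file entry: date time size attributes path
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+)$",
    re.I)
# GMER process line marked hidden from the normal process list.
HIDDEN_PROC = re.compile(
    r"^Process\s+(?P<image>\S+)\s+\(\*{3} hidden \*{3}\s*\)\s+(?P<pid>\d+)")
# GMER disk-sector verdict strings only, so "AVG Anti-Rootkit Driver" is not hit.
MBR_ROOTKIT = re.compile(r"@MBR code has been found|rootkit-like behavior", re.I)
# Run key of the Default user profile (dRun in DDS output).
DRUN = re.compile(r"^dRun:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# Trailing path component that is an 8-digit hex string.
HEX_DIR = re.compile(r"\\[0-9A-F]{8}$", re.I)

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def triage(lines: Iterable[str]) -> list[Finding]:
    """Apply the indicator rules to each log line and collect findings."""
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if LOOPBACK_PROXY.search(line):
            findings.append(("high", "loopback-proxy", line))
            continue
        m = FILE_ENTRY.match(line)
        if m:
            attrs, path = m.group("attrs").lower(), m.group("path")
            hidden = "h" in attrs
            if hidden and "\\system32\\%" in path.lower():
                # A directory named like an environment variable, hidden, in system32.
                findings.append(("high", "fake-envvar-dir-in-system32", line))
            elif hidden and HEX_DIR.search(path):
                findings.append(("medium", "hidden-hex-named-appdata-dir", line))
            continue
        if HIDDEN_PROC.match(line):
            findings.append(("high", "hidden-process", line))
            continue
        if MBR_ROOTKIT.search(line):
            findings.append(("critical", "mbr-rootkit", line))
            continue
        m = DRUN.match(line)
        if m and "systemprofile" in m.group("cmd").lower():
            findings.append(("medium", "default-profile-run-key", line))
    return findings


def highest_severity(findings: list[Finding]) -> str:
    """Return the worst severity seen, or 'none' if nothing was flagged."""
    if not findings:
        return "none"
    return max((f[0] for f in findings), key=SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for severity, rule, evidence in results:
        print(f"[{severity:8}] {rule:32} {evidence}")
    print("overall:", highest_severity(results))
```

    The rules deliberately match only the phrasing these tools emit, so that a benign line such as the AVG anti-rootkit driver entry does not trip the MBR rule; on a real log you would feed the whole file through `triage` and read the flagged lines in context rather than act on the severity alone.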
     
  5. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/26/2009 11:37:38 PM
    System Uptime: 2/22/2012 7:18:21 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2401/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 153.541 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.904 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP309: 2/22/2012 6:53:16 PM - Windows Update
    RP310: 2/22/2012 7:06:01 PM - Had Trojan virus?
    RP311: 2/22/2012 7:14:18 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.6
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    Banctec Service Agreement
    Bonjour
    Conexant HDA D330 MDC V.92 Modem
    Creative MediaSource 5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Digital Line Detect
    dj_sf_software
    Download Updater (AOL LLC)
    EarthLink Setup Files
    EDocs
    Facebook Plug-In
    GoToAssist 8.0.0.514
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 24
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes Anti-Malware version 1.60.1.1000
    mCore
    MediaDirect
    mHelp
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    mMHouse
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox 10.0.2 (x86 en-US)
    mPfMgr
    MSVCRT
    mWMI
    NetWaiting
    NTI Backup Now EZ
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    SigmaTel Audio
    Skype Click to Call
    Skype™ 5.5
    Sound Blaster Audigy ADVANCED MB
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    swMSM
    TBS WMP Plug-in
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    .
    2/22/2012 4:25:02 PM, Error: Service Control Manager [7023] - The Erecoveryservice service terminated with the following error: Access is denied.
    2/22/2012 4:24:59 PM, Error: Service Control Manager [7023] - The NWSAP service terminated with the following error: Access is denied.
    2/22/2012 4:24:59 PM, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: Access is denied.
    2/22/2012 12:59:36 PM, Error: Service Control Manager [7023] - The S217unic service terminated with the following error: Access is denied.
    2/22/2012 12:44:36 PM, Error: Service Control Manager [7023] - The Avgems service terminated with the following error: Access is denied.
    2/22/2012 12:29:36 PM, Error: Service Control Manager [7023] - The Lvprcsrv service terminated with the following error: Access is denied.
    2/22/2012 12:14:36 PM, Error: Service Control Manager [7023] - The ATIVTUTW service terminated with the following error: Access is denied.
    2/22/2012 11:59:36 AM, Error: Service Control Manager [7023] - The Vwlogger service terminated with the following error: Access is denied.
    2/22/2012 11:44:36 AM, Error: Service Control Manager [7023] - The Se45mgmt service terminated with the following error: Access is denied.
    2/22/2012 11:29:37 AM, Error: Service Control Manager [7023] - The CDRPDACC service terminated with the following error: Access is denied.
    2/22/2012 11:28:44 AM, Error: Service Control Manager [7023] - The NTSIM service terminated with the following error: Access is denied.
    2/22/2012 1:59:36 PM, Error: Service Control Manager [7023] - The Se2Dnd5 service terminated with the following error: Access is denied.
    2/22/2012 1:44:36 PM, Error: Service Control Manager [7023] - The Ser2pl service terminated with the following error: Access is denied.
    2/22/2012 1:29:36 PM, Error: Service Control Manager [7023] - The Rdnaoflsvc service terminated with the following error: Access is denied.
    2/22/2012 1:14:36 PM, Error: Service Control Manager [7023] - The Servidor service terminated with the following error: Access is denied.
    2/16/2012 2:17:19 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    TDSS Killer Log

    10:59:56.0911 5228 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    10:59:57.0254 5228 ============================================================
    10:59:57.0254 5228 Current date / time: 2012/02/23 10:59:57.0254
    10:59:57.0254 5228 SystemInfo:
    10:59:57.0254 5228
    10:59:57.0255 5228 OS Version: 6.1.7601 ServicePack: 1.0
    10:59:57.0255 5228 Product type: Workstation
    10:59:57.0255 5228 ComputerName: STEPHANIE-PC
    10:59:57.0255 5228 UserName: Stephanie
    10:59:57.0255 5228 Windows directory: C:\Windows
    10:59:57.0255 5228 System windows directory: C:\Windows
    10:59:57.0255 5228 Processor architecture: Intel x86
    10:59:57.0255 5228 Number of processors: 2
    10:59:57.0255 5228 Page size: 0x1000
    10:59:57.0256 5228 Boot type: Normal boot
    10:59:57.0256 5228 ============================================================
    10:59:57.0740 5228 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    10:59:57.0745 5228 \Device\Harddisk0\DR0:
    10:59:57.0746 5228 MBR used
    10:59:57.0746 5228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1400000
    10:59:57.0746 5228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1423800, BlocksNum 0x1B8A17F8
    10:59:57.0853 5228 Initialize success
    10:59:57.0853 5228 ============================================================
    11:03:21.0488 1224 ============================================================
    11:03:21.0488 1224 Scan started
    11:03:21.0488 1224 Mode: Manual;
    11:03:21.0488 1224 ============================================================
    11:03:22.0134 1224 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    11:03:22.0141 1224 1394ohci - ok
    11:03:22.0232 1224 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    11:03:22.0239 1224 ACPI - ok
    11:03:22.0291 1224 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    11:03:22.0295 1224 AcpiPmi - ok
    11:03:22.0376 1224 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:03:22.0395 1224 adp94xx - ok
    11:03:22.0439 1224 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    11:03:22.0448 1224 adpahci - ok
    11:03:22.0485 1224 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    11:03:22.0490 1224 adpu320 - ok
    11:03:22.0576 1224 AFD (38e947c26cd0f8fa9acee13474e38cd8) C:\Windows\system32\drivers\afd.sys
    11:03:22.0581 1224 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 38e947c26cd0f8fa9acee13474e38cd8, Fake md5: 9ebbba55060f786f0fcaa3893bfa2806
    11:03:22.0584 1224 AFD ( Virus.Win32.ZAccess.k ) - infected
    11:03:22.0585 1224 AFD - detected Virus.Win32.ZAccess.k (0)
    11:03:36.0715 1224 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    11:03:36.0719 1224 TsUsbFlt - ok
    11:03:36.0747 1224 tsusbhub - ok
    11:03:36.0822 1224 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    11:03:36.0827 1224 tunnel - ok
    11:03:36.0877 1224 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    11:03:36.0881 1224 uagp35 - ok
    11:03:36.0948 1224 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
    11:03:36.0950 1224 UBHelper - ok
    11:03:37.0000 1224 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    11:03:37.0005 1224 udfs - ok
    11:03:37.0062 1224 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    11:03:37.0066 1224 uliagpkx - ok
    11:03:37.0139 1224 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    11:03:37.0143 1224 umbus - ok
    11:03:37.0209 1224 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    11:03:37.0213 1224 UmPass - ok
    11:03:37.0285 1224 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    11:03:37.0314 1224 USBAAPL - ok
    11:03:37.0361 1224 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:03:37.0365 1224 usbccgp - ok
    11:03:37.0422 1224 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    11:03:37.0425 1224 usbcir - ok
    11:03:37.0473 1224 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
    11:03:37.0475 1224 usbehci - ok
    11:03:37.0532 1224 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    11:03:37.0539 1224 usbhub - ok
    11:03:37.0584 1224 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    11:03:37.0586 1224 usbohci - ok
    11:03:37.0628 1224 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    11:03:37.0631 1224 usbprint - ok
    11:03:37.0671 1224 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    11:03:37.0674 1224 usbscan - ok
    11:03:37.0711 1224 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:03:37.0714 1224 USBSTOR - ok
    11:03:37.0764 1224 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
    11:03:37.0767 1224 usbuhci - ok
    11:03:37.0839 1224 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    11:03:37.0843 1224 vdrvroot - ok
    11:03:37.0902 1224 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:03:37.0906 1224 vga - ok
    11:03:37.0961 1224 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    11:03:37.0964 1224 VgaSave - ok
    11:03:38.0001 1224 VGPU - ok
    11:03:38.0050 1224 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    11:03:38.0054 1224 vhdmp - ok
    11:03:38.0097 1224 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    11:03:38.0100 1224 viaagp - ok
    11:03:38.0122 1224 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    11:03:38.0124 1224 ViaC7 - ok
    11:03:38.0186 1224 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    11:03:38.0189 1224 viaide - ok
    11:03:38.0246 1224 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    11:03:38.0252 1224 vmbus - ok
    11:03:38.0302 1224 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    11:03:38.0307 1224 VMBusHID - ok
    11:03:38.0349 1224 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    11:03:38.0352 1224 volmgr - ok
    11:03:38.0388 1224 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    11:03:38.0393 1224 volmgrx - ok
    11:03:38.0442 1224 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    11:03:38.0447 1224 volsnap - ok
    11:03:38.0485 1224 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:03:38.0489 1224 vsmraid - ok
    11:03:38.0521 1224 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    11:03:38.0523 1224 vwifibus - ok
    11:03:38.0585 1224 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    11:03:38.0587 1224 WacomPen - ok
    11:03:38.0643 1224 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    11:03:38.0647 1224 WANARP - ok
    11:03:38.0656 1224 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    11:03:38.0657 1224 Wanarpv6 - ok
    11:03:38.0716 1224 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    11:03:38.0718 1224 Wd - ok
    11:03:38.0759 1224 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    11:03:38.0766 1224 Wdf01000 - ok
    11:03:38.0816 1224 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:03:38.0818 1224 WfpLwf - ok
    11:03:38.0843 1224 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    11:03:38.0844 1224 WIMMount - ok
    11:03:38.0911 1224 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    11:03:38.0942 1224 winachsf - ok
    11:03:39.0026 1224 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    11:03:39.0029 1224 WinUsb - ok
    11:03:39.0111 1224 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    11:03:39.0114 1224 WmiAcpi - ok
    11:03:39.0201 1224 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    11:03:39.0203 1224 ws2ifsl - ok
    11:03:39.0264 1224 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    11:03:39.0269 1224 WudfPf - ok
    11:03:39.0339 1224 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:03:39.0345 1224 WUDFRd - ok
    11:03:39.0401 1224 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    11:03:39.0404 1224 XAudio - ok
    11:03:39.0488 1224 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
    11:03:39.0496 1224 yukonw7 - ok
    11:03:39.0538 1224 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    11:03:39.0568 1224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    11:03:39.0568 1224 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    11:03:39.0604 1224 Boot (0x1200) (b2ea4e3a8e215f088a15855581d71a06) \Device\Harddisk0\DR0\Partition0
    11:03:39.0606 1224 \Device\Harddisk0\DR0\Partition0 - ok
    11:03:39.0620 1224 Boot (0x1200) (c7d782cb5bffc28be71cffcea6349cc7) \Device\Harddisk0\DR0\Partition1
    11:03:39.0622 1224 \Device\Harddisk0\DR0\Partition1 - ok
    11:03:39.0623 1224 ============================================================
    11:03:39.0623 1224 Scan finished
    11:03:39.0623 1224 ============================================================
    11:03:39.0639 5064 Detected object count: 2
    11:03:39.0639 5064 Actual detected object count: 2
    11:28:19.0153 5064 C:\Windows\system32\drivers\afd.sys - copied to quarantine
    11:28:22.0354 5064 Backup copy found, using it..
    11:28:22.0403 5064 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
    11:28:25.0801 5064 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
    11:28:25.0914 5064 \Device\Harddisk0\DR0\# - copied to quarantine
    11:28:25.0916 5064 \Device\Harddisk0\DR0 - copied to quarantine
    11:28:25.0984 5064 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    11:28:25.0987 5064 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    11:28:26.0011 5064 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    11:28:26.0014 5064 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    11:28:26.0018 5064 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    11:28:26.0025 5064 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    11:28:26.0052 5064 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    11:28:26.0100 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    11:28:26.0101 5064 \Device\Harddisk0\DR0 - ok
    11:28:26.0159 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    11:29:33.0900 5440 Deinitialize success
     
  8. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    Should I continue to "move to vault" AVG threat detections?

    Like I said in my intro post, I'm constantly getting AVG Threat pop ups asking if I want to move the file to the vault or "allow" it.
    I'm assuming allowing it would not be a good idea, but just want to make sure I'm not messing anything up for you guys.

    Should I continue to "move to vault" whenever a threat is detected?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log, it's also located on your desktop as "scan.txt".
     
  10. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    aswMBR log

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-23 13:33:16
    -----------------------------
    13:33:16.956 OS Version: Windows 6.1.7601 Service Pack 1
    13:33:16.956 Number of processors: 2 586 0x1706
    13:33:16.958 ComputerName: STEPHANIE-PC UserName: Stephanie
    13:33:18.182 Initialize success
    13:35:11.759 AVAST engine defs: 12022301
    13:35:59.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    13:35:59.431 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    13:35:59.471 Disk 0 MBR read successfully
    13:35:59.480 Disk 0 MBR scan
    13:35:59.493 Disk 0 Windows 7 default MBR code
    13:35:59.499 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
    13:35:59.514 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 145408
    13:35:59.530 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225602 MB offset 21116928
    13:35:59.537 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
    13:35:59.568 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
    13:35:59.578 Disk 0 scanning sectors +488394752
    13:35:59.658 Disk 0 scanning C:\Windows\system32\drivers
    13:36:13.389 Service scanning
    13:36:46.265 Modules scanning
    13:36:56.225 Disk 0 trace - called modules:
    13:36:56.256 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    13:36:56.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87062030]
    13:36:56.503 3 CLASSPNP.SYS[8cd8e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86232028]
    13:36:58.375 AVAST engine scan C:\Windows
    13:37:01.129 AVAST engine scan C:\Windows\system32
    13:40:18.505 AVAST engine scan C:\Windows\system32\drivers
    13:40:40.509 AVAST engine scan C:\Users\Stephanie
    13:41:56.029 Disk 0 MBR has been saved successfully to "C:\Users\Stephanie\Desktop\MBR.dat"
    13:41:56.030 The log file has been saved successfully to "C:\Users\Stephanie\Desktop\aswMBR log.txt"
     
  11. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    BTKR log

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`84700000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;



    Press any key to quit...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    That looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    Question

    I disabled protection on AVG, but I opened ComboFix and it said AVG antivirus and antispyware real time scanners were active. I uninstalled my AVG (free edition 2012), restarted the computer, opened ComboFix, and it gives the same message. I'm not sure how it's still coming up as active if it's uninstalled?

    I believe I correctly disabled protection for SpywareBlaster, Spybot Search & Destroy, and Malwarebytes Anti-Malware.

    Should I click OK on ComboFix and continue?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes........
     
  15. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    ComboFix log

    ComboFix 12-02-22.01 - Stephanie 02/23/2012 15:09:45.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2649 [GMT -5:00]
    Running from: c:\users\Stephanie\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LP
    c:\program files\LP\261C\D74E.tmp
    c:\programdata\ntuser.dat
    c:\users\Stephanie\Documents\~WRL0005.tmp
    c:\users\Stephanie\Documents\~WRL2125.tmp
    c:\users\Stephanie\Documents\~WRL2626.tmp
    c:\windows\$NtUninstallKB8542$
    c:\windows\$NtUninstallKB8542$\1794493320
    c:\windows\$NtUninstallKB8542$\3903310329\@
    c:\windows\$NtUninstallKB8542$\3903310329\cfg.ini
    c:\windows\$NtUninstallKB8542$\3903310329\Desktop.ini
    c:\windows\$NtUninstallKB8542$\3903310329\L\wxdbpmqa
    c:\windows\$NtUninstallKB8542$\3903310329\oemid
    c:\windows\$NtUninstallKB8542$\3903310329\U\00000001.@
    c:\windows\$NtUninstallKB8542$\3903310329\U\00000002.@
    c:\windows\$NtUninstallKB8542$\3903310329\U\00000004.@
    c:\windows\$NtUninstallKB8542$\3903310329\U\80000000.@
    c:\windows\$NtUninstallKB8542$\3903310329\U\80000004.@
    c:\windows\$NtUninstallKB8542$\3903310329\U\80000032.@
    c:\windows\$NtUninstallKB8542$\3903310329\version
    c:\windows\system32\AutoRun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-23 16:28 . 2012-02-23 16:28 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-22 21:32 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2012-02-22 21:32 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2012-02-22 21:32 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2012-02-22 21:32 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2012-02-22 21:32 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2012-02-22 19:28 . 2012-02-22 23:58 -------- d--h--w- c:\users\Stephanie\AppData\Roaming\A7BF3979
    2012-02-22 16:48 . 2012-02-22 16:49 -------- d-----w- c:\users\Stephanie\AppData\Roaming\AVG
    2012-02-16 16:53 . 2012-02-16 16:53 139776 ----a-w- c:\programdata\Microsoft\Windows\DRM\14C8.tmp
    2012-02-16 06:54 . 2012-02-16 06:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-02-16 02:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 02:42 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 02:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 02:42 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-13 16:05 . 2012-02-13 16:05 -------- d-----w- c:\program files\iPod
    2012-02-12 21:38 . 2012-02-23 15:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-01-26 17:06 . 2012-01-26 17:06 -------- d-----w- c:\users\Stephanie\AppData\Roaming\DiskAid
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 16:30 . 2011-06-15 22:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-12 21:38 . 2011-05-29 13:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-18 23:05 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-10 20:24 . 2010-09-07 22:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-18 05:01 . 2011-05-06 00:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-27 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-07-27 05:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
    2009-09-19 11:04 562944 ----a-w- c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C88D.tmp [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1343400]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
    S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-09-19 45312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Avgtdix
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    cvsnt
    padfsvr
    SANDRA
    TNaviSrv
    SE27mdm
    i81x
    wanatw
    IJPLMSVC
    RMSvc
    botcbs
    ONSIO
    nlsvc
    DXEC02
    b57w2k
    se2Cunic
    eeyeevnt
    citrixxteserver
    lpx
    SE2Dobex
    dlcg_device
    wstcodec
    gdihook5
    lvtuner
    webdriveservice
    atikmdag
    MSSQL$MSSMLBIZ
    cachemgr
    automate6
    s716bus
    yukonwxp
    nmservice
    toside
    agnwifi
    qconsvc
    nsm1mdm
    tifmsony
    sweepsrv.sys
    MagicTune
    nsm1serd
    RIOXDRV
    NICM
    oracleorahometnslistener
    sisperf
    emproxy
    mqdmserd
    tmesrv3
    teefer
    nipxirmu
    emclisrv
    lxcf_device
    tosrfusb
    apache2
    se45mdm
    wanusb
    lxcz_device
    client32
    ICM10USB
    elnkfwppservice
    FlexBios
    https-nassry
    s116obex
    ntcharge
    plsremotesvc
    vtserver
    ivscheduler
    CTERFXFX.DLL
    jtagserver
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC
    AppMgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:58444
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-62809401.sys
    MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
    MSConfigStartUp-Lexmark X6100 Series - c:\program files\Lexmark X6100 Series\lxbfbmgr.exe
    AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\C88D.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\LEXBCES.EXE
    c:\windows\System32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-23 15:36:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-23 20:36
    .
    Pre-Run: 162,512,269,312 bytes free
    Post-Run: 165,742,620,672 bytes free
    .
    - - End Of File - - 0BBE7467160F7D9B8BA0E5249BB5A27A
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\Microsoft\Windows\DRM\14C8.tmp
    c:\windows\system32\dds_trash_log.cmd
    
    
    Folder::
    c:\users\Stephanie\AppData\Roaming\A7BF3979
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    ComboFix log 2

    ComboFix 12-02-22.01 - Stephanie 02/23/2012 17:17:00.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3574.2412 [GMT -5:00]
    Running from: c:\users\Stephanie\Desktop\ComboFix.exe
    Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\DRM\14C8.tmp"
    "c:\windows\system32\dds_trash_log.cmd"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\14C8.tmp
    c:\users\Stephanie\AppData\Roaming\A7BF3979
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-23 22:21 . 2012-02-23 22:21 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
    2012-02-23 22:21 . 2012-02-23 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-23 16:28 . 2012-02-23 16:28 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-22 21:32 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2012-02-22 21:32 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2012-02-22 21:32 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2012-02-22 21:32 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2012-02-22 21:32 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2012-02-22 16:48 . 2012-02-22 16:49 -------- d-----w- c:\users\Stephanie\AppData\Roaming\AVG
    2012-02-16 06:54 . 2012-02-16 06:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-02-16 02:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 02:42 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 02:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 02:42 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-13 16:05 . 2012-02-13 16:05 -------- d-----w- c:\program files\iPod
    2012-01-26 17:06 . 2012-01-26 17:06 -------- d-----w- c:\users\Stephanie\AppData\Roaming\DiskAid
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 16:30 . 2011-06-15 22:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-12 21:38 . 2011-05-29 13:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-18 23:05 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-10 20:24 . 2010-09-07 22:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-18 05:01 . 2011-05-06 00:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-27 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-07-27 05:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
    2009-09-19 11:04 562944 ----a-w- c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C88D.tmp [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1343400]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
    S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-09-19 45312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Avgtdix
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    cvsnt
    padfsvr
    SANDRA
    TNaviSrv
    SE27mdm
    i81x
    wanatw
    IJPLMSVC
    RMSvc
    botcbs
    ONSIO
    nlsvc
    DXEC02
    b57w2k
    se2Cunic
    eeyeevnt
    citrixxteserver
    lpx
    SE2Dobex
    dlcg_device
    wstcodec
    gdihook5
    lvtuner
    webdriveservice
    atikmdag
    MSSQL$MSSMLBIZ
    cachemgr
    automate6
    s716bus
    yukonwxp
    nmservice
    toside
    agnwifi
    qconsvc
    nsm1mdm
    tifmsony
    sweepsrv.sys
    MagicTune
    nsm1serd
    RIOXDRV
    NICM
    oracleorahometnslistener
    sisperf
    emproxy
    mqdmserd
    tmesrv3
    teefer
    nipxirmu
    emclisrv
    lxcf_device
    tosrfusb
    apache2
    se45mdm
    wanusb
    lxcz_device
    client32
    ICM10USB
    elnkfwppservice
    FlexBios
    https-nassry
    s116obex
    ntcharge
    plsremotesvc
    vtserver
    ivscheduler
    CTERFXFX.DLL
    jtagserver
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC
    AppMgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:58444
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\C88D.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-23 17:23:24
    ComboFix-quarantined-files.txt 2012-02-23 22:23
    ComboFix2.txt 2012-02-23 20:36
    .
    Pre-Run: 165,115,736,064 bytes free
    Post-Run: 165,046,038,528 bytes free
    .
    - - End Of File - - E29E39435F4ABFA1534A300E9A502AF0
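    Both ComboFix logs in this thread show the same two browser-side entries in the Supplementary Scan section: a ProxyServer value pointing at 127.0.0.1:58444, and a Firefox user.js preference whose value has extra user_pref(...) calls spliced into it. As an added example (not code from the thread, from ComboFix or from OTL), the Python script below parses lines in that format and flags what a reviewer would want to verify: a loopback proxy, a tampered user.js line, and a service ImagePath that resolves to a .tmp file. The sample input is constructed from lines in the shape shown above plus one made-up benign proxy line for contrast; the flags are triage hints, not verdicts (a .tmp driver image can belong to a legitimate scanner, so check the vendor before acting on it).

```python
"""Triage helpers for ComboFix-style log lines (added example, not a ComboFix/OTL tool).

Each heuristic is a constructed review hint: a hit means "verify this",
not "this is malware".
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's ComboFix "Supplementary Scan"
# and registry lines. The proxy.corp.example line is made up as a benign contrast.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58444
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C88D.tmp"
"""

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
USERJS_RE = re.compile(r"^FF - user\.js:\s*(\S+)\s+-\s+(.*)$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def parse_proxy_server(value):
    """Split a ProxyServer value into {scheme: 'host:port'}.

    Windows stores either a bare 'host:port' (applies to every protocol,
    keyed here as '*') or a ';'-separated list such as
    'http=127.0.0.1:58444;https=proxy:8080'.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", scheme
        proxies[scheme.strip().lower()] = hostport.strip()
    return proxies


def is_loopback(hostport):
    """True when the proxy host is 'localhost' or any 127/8 (or ::1) address."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than a literal address
        return False


def triage(log_text):
    """Return a Finding for every line that matches one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, hostport in parse_proxy_server(m.group(1)).items():
                if is_loopback(hostport):
                    findings.append(Finding(
                        f"'{scheme}' browser traffic is routed through a local proxy "
                        f"({hostport}); confirm which program listens there", line))
            continue
        m = USERJS_RE.match(line)
        if m:
            # A pref value should be a single literal; ');' or 'user_pref(' inside
            # it means the file line was rewritten to carry extra preferences.
            if "user_pref(" in m.group(2) or ");" in m.group(2):
                findings.append(Finding(
                    "user.js preference value contains spliced user_pref() calls", line))
            continue
        m = IMAGEPATH_RE.match(line)
        if m and m.group(1).lower().endswith(".tmp"):
            findings.append(Finding(
                "service ImagePath points at a .tmp file; verify the vendor", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[review] {f.reason}\n         {f.line}")
```

    Run it against a saved ComboFix.txt by reading the file into triage(); the regexes tolerate the leading indentation that forum pasting adds.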
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    OTL log (part 1)

    OTL logfile created on: 2/23/2012 8:11:28 PM - Run 1
    OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Stephanie\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.15% Memory free
    6.98 Gb Paging File | 5.96 Gb Available in Paging File | 85.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.32 Gb Total Space | 153.51 Gb Free Space | 69.68% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.05% Space Free | Partition Type: NTFS

    Computer Name: STEPHANIE-PC | User Name: Stephanie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/23 20:09:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/09/19 06:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/07/27 00:29:11 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/07 09:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/08/29 12:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (yukonwxp)
    SRV - File not found [Auto | Stopped] -- -- (wstcodec)
    SRV - File not found [Auto | Stopped] -- -- (webdriveservice)
    SRV - File not found [Auto | Stopped] -- -- (wanusb)
    SRV - File not found [Auto | Stopped] -- -- (wanatw)
    SRV - File not found [Auto | Stopped] -- -- (vtserver)
    SRV - File not found [Auto | Stopped] -- -- (tosrfusb)
    SRV - File not found [Auto | Stopped] -- -- (toside)
    SRV - File not found [Auto | Stopped] -- -- (TNaviSrv)
    SRV - File not found [Auto | Stopped] -- -- (tmesrv3)
    SRV - File not found [Auto | Stopped] -- -- (tifmsony)
    SRV - File not found [Auto | Stopped] -- -- (teefer)
    SRV - File not found [Auto | Stopped] -- -- (sweepsrv.sys)
    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - File not found [Auto | Stopped] -- -- (sisperf)
    SRV - File not found [Auto | Stopped] -- -- (se45mdm)
    SRV - File not found [Auto | Stopped] -- -- (SE2Dobex)
    SRV - File not found [Auto | Stopped] -- -- (se2Cunic)
    SRV - File not found [Auto | Stopped] -- -- (SE27mdm)
    SRV - File not found [Auto | Stopped] -- -- (SANDRA)
    SRV - File not found [Auto | Stopped] -- -- (s716bus)
    SRV - File not found [Auto | Stopped] -- -- (s116obex)
    SRV - File not found [Auto | Stopped] -- -- (RMSvc)
    SRV - File not found [Auto | Stopped] -- -- (RIOXDRV)
    SRV - File not found [Auto | Stopped] -- -- (qconsvc)
    SRV - File not found [Auto | Stopped] -- -- (plsremotesvc)
    SRV - File not found [Auto | Stopped] -- -- (padfsvr)
    SRV - File not found [Auto | Stopped] -- -- (oracleorahometnslistener)
    SRV - File not found [Auto | Stopped] -- -- (ONSIO)
    SRV - File not found [Auto | Stopped] -- -- (ntcharge)
    SRV - File not found [Auto | Stopped] -- -- (nsm1serd)
    SRV - File not found [Auto | Stopped] -- -- (nsm1mdm)
    SRV - File not found [Auto | Stopped] -- -- (nmservice)
    SRV - File not found [Auto | Stopped] -- -- (nlsvc)
    SRV - File not found [Auto | Stopped] -- -- (nipxirmu)
    SRV - File not found [Auto | Stopped] -- -- (NICM)
    SRV - File not found [Auto | Stopped] -- -- (MSSQL$MSSMLBIZ)
    SRV - File not found [Auto | Stopped] -- -- (mqdmserd)
    SRV - File not found [Auto | Stopped] -- -- (MagicTune)
    SRV - File not found [Auto | Stopped] -- -- (lxcz_device)
    SRV - File not found [Auto | Stopped] -- -- (lxcf_device)
    SRV - File not found [Auto | Stopped] -- -- (lvtuner)
    SRV - File not found [Auto | Stopped] -- -- (lpx)
    SRV - File not found [Auto | Stopped] -- -- (jtagserver)
    SRV - File not found [Auto | Stopped] -- -- (ivscheduler)
    SRV - File not found [Auto | Stopped] -- -- (IJPLMSVC)
    SRV - File not found [Auto | Stopped] -- -- (ICM10USB)
    SRV - File not found [Auto | Stopped] -- -- (i81x)
    SRV - File not found [Auto | Stopped] -- -- (https-nassry)
    SRV - File not found [Auto | Stopped] -- -- (gdihook5)
    SRV - File not found [Auto | Stopped] -- -- (FlexBios)
    SRV - File not found [Auto | Stopped] -- -- (emproxy)
    SRV - File not found [Auto | Stopped] -- -- (emclisrv)
    SRV - File not found [Auto | Stopped] -- -- (elnkfwppservice)
    SRV - File not found [Auto | Stopped] -- -- (eeyeevnt)
    SRV - File not found [Auto | Stopped] -- -- (DXEC02)
    SRV - File not found [Auto | Stopped] -- -- (dlcg_device)
    SRV - File not found [Auto | Stopped] -- -- (cvsnt)
    SRV - File not found [Auto | Stopped] -- -- (CTERFXFX.DLL)
    SRV - File not found [Auto | Stopped] -- -- (client32)
    SRV - File not found [Auto | Stopped] -- -- (citrixxteserver)
    SRV - File not found [Auto | Stopped] -- -- (cachemgr)
    SRV - File not found [Auto | Stopped] -- -- (botcbs)
    SRV - File not found [Auto | Stopped] -- -- (b57w2k)
    SRV - File not found [Auto | Stopped] -- -- (automate6)
    SRV - File not found [Auto | Stopped] -- -- (atikmdag)
    SRV - File not found [Auto | Stopped] -- -- (apache2)
    SRV - File not found [Auto | Stopped] -- -- (agnwifi)
    SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/04/04 20:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/11/20 14:52:36 | 000,072,704 | ---- | M] (WoltersKluwerLWW) [On_Demand | Stopped] -- C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe -- (LWWLicenseService)
    SRV - [2009/09/19 06:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/07/27 00:50:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/07/27 00:29:11 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2007/09/07 09:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/08/29 12:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/10/15 00:28:44 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2009/10/15 00:28:44 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2009/10/15 00:28:44 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/07 09:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192



    IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Stephanie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 00:01:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 11:29:27 | 000,000,000 | ---D | M]

    [2009/10/26 22:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Extensions
    [2009/07/30 19:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2011/08/16 21:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions
    [2010/04/27 20:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/10/26 22:18:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions\moveplayer@movenetworks.com
    [2009/10/26 22:18:27 | 000,000,000 | ---D | M] (Tegrity Plugin) -- C:\Users\Stephanie\AppData\Roaming\mozilla\Firefox\Profiles\svaf87ir.default\extensions\tegplug@tegrity.com
    [2009/10/27 09:51:12 | 000,004,554 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\searchplugins\aim-search.xml
    [2011/09/26 18:50:58 | 000,001,595 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\searchplugins\amazondotcom.xml
    [2009/04/14 13:50:18 | 000,001,595 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\svaf87ir.default\searchplugins\ebay.xml
    [2011/11/10 09:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/04 19:25:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/10/16 19:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/02/18 00:01:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
    [2008/11/27 12:20:11 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
    [2011/05/05 19:19:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 09:52:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/02/23 17:21:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-513177211-2312190473-767099015-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-513177211-2312190473-767099015-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9AB5326-DD3A-4AFE-9181-F079A36DB03C}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: cvsnt - File not found
    NetSvcs: padfsvr - File not found
    NetSvcs: SANDRA - File not found
    NetSvcs: TNaviSrv - File not found
    NetSvcs: SE27mdm - File not found
    NetSvcs: i81x - File not found
    NetSvcs: wanatw - File not found
    NetSvcs: IJPLMSVC - File not found
    NetSvcs: RMSvc - File not found
    NetSvcs: botcbs - File not found
    NetSvcs: ONSIO - File not found
    NetSvcs: nlsvc - File not found
    NetSvcs: DXEC02 - File not found
    NetSvcs: b57w2k - File not found
    NetSvcs: se2Cunic - File not found
    NetSvcs: eeyeevnt - File not found
    NetSvcs: citrixxteserver - File not found
    NetSvcs: lpx - File not found
    NetSvcs: SE2Dobex - File not found
    NetSvcs: dlcg_device - File not found
    NetSvcs: wstcodec - File not found
    NetSvcs: gdihook5 - File not found
    NetSvcs: lvtuner - File not found
    NetSvcs: webdriveservice - File not found
    NetSvcs: atikmdag - File not found
    NetSvcs: MSSQL$MSSMLBIZ - File not found
    NetSvcs: cachemgr - File not found
    NetSvcs: automate6 - File not found
    NetSvcs: s716bus - File not found
    NetSvcs: yukonwxp - File not found
    NetSvcs: nmservice - File not found
    NetSvcs: toside - File not found
    NetSvcs: agnwifi - File not found
    NetSvcs: qconsvc - File not found
    NetSvcs: nsm1mdm - File not found
    NetSvcs: tifmsony - File not found
    NetSvcs: sweepsrv.sys - File not found
    NetSvcs: MagicTune - File not found
    NetSvcs: nsm1serd - File not found
    NetSvcs: RIOXDRV - File not found
    NetSvcs: NICM - File not found
    NetSvcs: oracleorahometnslistener - File not found
    NetSvcs: sisperf - File not found
    NetSvcs: emproxy - File not found
    NetSvcs: mqdmserd - File not found
    NetSvcs: tmesrv3 - File not found
    NetSvcs: teefer - File not found
    NetSvcs: nipxirmu - File not found
    NetSvcs: emclisrv - File not found
    NetSvcs: lxcf_device - File not found
    NetSvcs: tosrfusb - File not found
    NetSvcs: apache2 - File not found
    NetSvcs: se45mdm - File not found
    NetSvcs: wanusb - File not found
    NetSvcs: lxcz_device - File not found
    NetSvcs: client32 - File not found
    NetSvcs: ICM10USB - File not found
    NetSvcs: elnkfwppservice - File not found
    NetSvcs: FlexBios - File not found
    NetSvcs: https-nassry - File not found
    NetSvcs: s116obex - File not found
    NetSvcs: ntcharge - File not found
    NetSvcs: plsremotesvc - File not found
    NetSvcs: vtserver - File not found
    NetSvcs: ivscheduler - File not found
    NetSvcs: CTERFXFX.DLL - File not found
    NetSvcs: jtagserver - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/23 20:09:10 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
    [2012/02/23 17:23:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/23 17:23:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/23 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\temp
    [2012/02/23 15:02:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/23 15:02:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/23 15:02:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/23 14:16:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/23 14:11:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/23 13:56:58 | 004,417,295 | R--- | C] (Swearware) -- C:\Users\Stephanie\Desktop\ComboFix.exe
    [2012/02/23 13:31:07 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Stephanie\Desktop\aswMBR.exe
    [2012/02/23 12:11:40 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{567BB608-E1DC-4272-9DD0-6066FC42988B}
    [2012/02/23 12:11:19 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{0AE2DBB3-2C92-4FF1-836A-886A380C5CF0}
    [2012/02/23 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{A4A86364-B68F-4BC2-9D2E-B16A30EA8D9E}
    [2012/02/23 11:28:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/22 16:32:29 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\Simply Super Software
    [2012/02/22 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\AVG
    [2012/02/16 01:54:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/02/15 19:34:16 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stephanie\Desktop\TDSSKiller.exe
    [2012/02/13 11:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/02/13 11:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/02/06 16:04:42 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Myth PPs
    [2012/01/26 14:28:14 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Oral Medicine
    [2012/01/26 12:06:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\DiskAid
    [2012/01/26 11:53:13 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Music - iPod
    [1 C:\Users\Stephanie\Desktop\*.tmp files -> C:\Users\Stephanie\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/23 20:09:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
    [2012/02/23 20:00:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/23 17:21:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/23 15:28:18 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/23 15:28:18 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/23 15:19:27 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/23 13:57:02 | 004,417,295 | R--- | M] (Swearware) -- C:\Users\Stephanie\Desktop\ComboFix.exe
    [2012/02/23 13:43:20 | 000,568,832 | ---- | M] () -- C:\Users\Stephanie\Desktop\BTKR_RunBox.exe
    [2012/02/23 13:41:56 | 000,000,512 | ---- | M] () -- C:\Users\Stephanie\Desktop\MBR.dat
    [2012/02/23 13:32:03 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Stephanie\Desktop\aswMBR.exe
    [2012/02/23 10:48:53 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stephanie\Desktop\TDSSKiller.exe
    [2012/02/23 10:47:45 | 002,041,519 | ---- | M] () -- C:\Users\Stephanie\Desktop\tdsskiller.zip
    [2012/02/22 19:06:51 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/22 19:06:51 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/22 10:29:06 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/16 11:10:49 | 000,409,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/01/24 23:45:13 | 000,001,208 | ---- | M] () -- C:\Users\Stephanie\Desktop\Spybot - Search & Destroy.lnk
    [1 C:\Users\Stephanie\Desktop\*.tmp files -> C:\Users\Stephanie\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/23 15:02:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/23 15:02:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/23 15:02:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/23 15:02:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/23 15:02:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/23 13:43:19 | 000,568,832 | ---- | C] () -- C:\Users\Stephanie\Desktop\BTKR_RunBox.exe
    [2012/02/23 13:41:56 | 000,000,512 | ---- | C] () -- C:\Users\Stephanie\Desktop\MBR.dat
    [2012/02/23 10:47:37 | 002,041,519 | ---- | C] () -- C:\Users\Stephanie\Desktop\tdsskiller.zip
    [2012/02/22 16:32:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
    [2012/02/22 16:32:28 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
    [2012/02/22 16:32:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
    [2012/02/22 16:32:28 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
    [2012/02/22 10:29:06 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
    [2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
    [2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736
    [2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736
    [2011/11/23 15:45:58 | 000,004,608 | ---- | C] () -- C:\Users\Stephanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/29 10:17:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/05/29 10:15:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2010/11/28 17:04:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2010/11/28 17:04:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

    ========== LOP Check ==========

    [2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\56959
    [2009/10/26 22:17:44 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\acccore
    [2012/02/22 11:49:05 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\AVG
    [2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\C2656
    [2012/01/26 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\DiskAid
    [2011/09/28 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\DriverFinder
    [2010/06/18 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Facebook
    [2009/10/26 22:17:47 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\goombah
    [2010/10/25 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\ooVoo Details
    [2010/12/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\PCDr
    [2010/02/02 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Research In Motion
    [2009/10/26 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Ruckus Network
    [2010/11/28 17:22:12 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Samsung
    [2011/06/27 19:19:28 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\SecondLife
    [2008/09/17 16:47:14 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\tmp
    [2009/10/26 22:18:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\TomTom
    [2010/03/14 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Uniblue
    [2012/01/20 13:43:42 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Video Converter Pro
    [2012/01/24 20:37:34 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009/10/27 01:47:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/23 17:23:24 | 000,012,855 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/07/27 03:13:01 | 000,005,282 | RH-- | M] () -- C:\dell.sdr
    [2012/02/23 15:19:27 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
    [2009/01/16 13:34:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/20 20:12:47 | 000,001,912 | -H-- | M] () -- C:\IPH.PH
    [2009/01/16 13:34:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/23 15:19:33 | 3747,655,680 | -HS- | M] () -- C:\pagefile.sys
    [2008/07/27 00:55:42 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2012/02/23 11:29:33 | 000,087,152 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_23.02.2012_10.59.56_log.txt
    [2010/02/22 14:56:56 | 000,000,347 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\1_CNBPP3.DLL
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\2_CNBPP3.DLL
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\3_CNBPP3.DLL
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\4_CNBPP3.DLL
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\5_CNBPP3.DLL
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\6_CNBPP3.DLL
    [2006/11/02 03:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2009/03/17 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
    [2009/03/17 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
    [2009/07/13 20:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
    [2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2009/07/13 20:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2003/07/21 09:13:34 | 000,078,336 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\LXBFPP5C.DLL
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 07:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/07/17 16:01:00 | 000,225,280 | ---- | M] (TODO: <Company name>) -- C:\Users\Stephanie\AppData\Roaming\Microsoft\AdjMmsVista.dll

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/06/30 17:08:31 | 000,000,286 | -HS- | M] () -- C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/04/16 15:08:23 | 000,000,221 | -HS- | M] () -- C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/23 13:32:03 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Stephanie\Desktop\aswMBR.exe
    [2012/02/23 13:43:20 | 000,568,832 | ---- | M] () -- C:\Users\Stephanie\Desktop\BTKR_RunBox.exe
    [2012/02/23 13:57:02 | 004,417,295 | R--- | M] (Swearware) -- C:\Users\Stephanie\Desktop\ComboFix.exe
    [2012/02/23 20:09:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\OTL.exe
    [2012/02/23 10:48:53 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stephanie\Desktop\TDSSKiller.exe
    [1 C:\Users\Stephanie\Desktop\*.tmp files -> C:\Users\Stephanie\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/05/29 10:53:53 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/05/29 10:53:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/05/29 10:53:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/05/29 10:53:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/05/29 10:53:52 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/05/29 10:53:53 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 11:11:28 | 000,000,402 | -HS- | M] () -- C:\Users\Stephanie\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >
     
  20. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    OTL log (part 2)

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/12/30 12:23:46 | 000,001,400 | -HS- | M] () -- C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736
    [2011/12/30 18:15:27 | 000,001,420 | -HS- | M] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
    [2011/02/04 13:20:46 | 000,012,429 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2007/08/13 04:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
    [3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
     
  21. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    Extras log

    OTL Extras logfile created on: 2/23/2012 8:11:28 PM - Run 1
    OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Stephanie\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.15% Memory free
    6.98 Gb Paging File | 5.96 Gb Available in Paging File | 85.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.32 Gb Total Space | 153.51 Gb Free Space | 69.68% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.05% Space Free | Partition Type: NTFS

    Computer Name: STEPHANIE-PC | User Name: Stephanie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AIM_7" = AIM 7
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "GoToAssist" = GoToAssist 8.0.0.514
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "ProInst" = Intel(R) PROSet/Wireless Software
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "TVWiz" = Intel(R) TV Wizard
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-513177211-2312190473-767099015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/22/2012 9:33:31 PM | Computer Name = Stephanie-PC | Source = Windows Backup | ID = 4104
    Description =

    Error - 2/22/2012 11:46:22 PM | Computer Name = Stephanie-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 10.0.2.4428 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1384 Start
    Time: 01ccf1d1cdbcf0b2 Termination Time: 60000 Application Path: C:\Program Files\Mozilla
    Firefox\firefox.exe Report Id: c2c70656-5dd0-11e1-b0cf-001d095e1261

    Error - 2/22/2012 11:56:03 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/23/2012 11:11:21 AM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/23/2012 12:31:17 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/23/2012 2:11:53 PM | Computer Name = Stephanie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 2/23/2012 2:13:55 PM | Computer Name = Stephanie-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 2/23/2012 3:17:44 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/23/2012 4:08:22 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/23/2012 4:19:51 PM | Computer Name = Stephanie-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 1/7/2010 12:25:01 AM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 11:25:00 PM - Error connecting to the internet. 11:25:00 PM - Unable
    to contact server..

    Error - 1/12/2010 1:57:55 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 12:57:55 PM - Error connecting to the internet. 12:57:55 PM - Unable
    to contact server..

    Error - 1/12/2010 1:58:04 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 12:58:00 PM - Error connecting to the internet. 12:58:00 PM - Unable
    to contact server..

    Error - 1/12/2010 2:58:11 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 1:58:11 PM - Error connecting to the internet. 1:58:11 PM - Unable
    to contact server..

    Error - 1/12/2010 2:58:19 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 1:58:16 PM - Error connecting to the internet. 1:58:16 PM - Unable
    to contact server..

    Error - 1/17/2010 8:36:46 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 7:36:45 PM - Failed to retrieve MCEClientUX (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 2/2/2010 8:41:34 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 7:41:34 PM - Failed to retrieve Directory (Error: The remote name
    could not be resolved: 'data.tvdownload.microsoft.com')

    Error - 2/2/2010 8:42:11 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 7:41:59 PM - Failed to retrieve ClientUpdate (Error: The remote name
    could not be resolved: 'data.tvdownload.microsoft.com')

    Error - 2/2/2010 8:42:33 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 7:42:23 PM - Failed to retrieve NetTV (Error: The remote name could
    not be resolved: 'data.tvdownload.microsoft.com')

    Error - 2/15/2010 1:43:24 PM | Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0
    Description = 12:43:19 PM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    [ System Events ]
    Error - 2/23/2012 6:23:33 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 2/23/2012 9:00:50 PM | Computer Name = Stephanie-PC | Source = PNRPSvc | ID = 102
    Description =

    Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 2/23/2012 9:00:49 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 2/23/2012 9:00:50 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 2/23/2012 9:00:50 PM | Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535


    < End of report >
     
  22. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    Answer to your question

    Computer is running well, just a couple of minor problems stated below. Before I had uninstalled AVG, I hadn't been getting Threat Alert pop-ups anymore, so that's great. I don't believe I've been getting random pop-ups while on the internet and haven't gotten redirected through searches, so that's great too.

    1) My touchpad scroll doesn't work anymore.
    2) I used to be able to right click and left click at the same time to open links into a new tab and can't do that anymore.

    Also some icons are missing in the cache, which I don't mind because I don't even remember what they were; I'm just saying in case it matters. The only one I had remembered missing was Dell QuickSet, so when I change the volume I can see what level it's at. I put that back and it's working normally.


    ---Edit---
    I shut down and turned on the comp, the scroll and click work now. The other icons are also back in the cache. Sorry, never mind!


    Thank you for all your help so far :)
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    It'd be a subject for a different forum.
    Possibly reinstalling touchpad drivers will help.

    You can reinstall AVG now.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49192
      IE - HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58444
      O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt 1
      [2011/12/30 18:15:27 | 000,001,420 | -HS- | C] () -- C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1
      [2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736
      [2011/12/30 12:23:41 | 000,001,400 | -HS- | C] () -- C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736
      [2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\56959
      [2012/01/17 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\C2656
      [2010/03/14 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Uniblue
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
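    As an added check that is not part of the thread or of OTL (PowerShell, assumed to be run from an elevated prompt on the affected machine): it reads back, for every loaded user hive, the Internet Settings proxy values the fix above resets, flags a loopback proxy like the http=127.0.0.1:49192 entries, and lists any alternate data streams left on C:\ProgramData\TEMP.

```powershell
# Added example, not from the thread: reports the IE proxy values (per loaded
# user hive) and the C:\ProgramData\TEMP alternate data streams that the OTL
# fix above removed, so a defender can confirm the cleanup held after reboot.
# Assumes an elevated PowerShell prompt; the stream check needs PowerShell 3.0+.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-UserProxySettings {
    $report = @()
    foreach ($hive in Get-ChildItem -Path 'HKU:\') {
        $sid = $hive.PSChildName
        $key = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $key)) { continue }
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A proxy on the loopback interface that nobody configured is the
        # classic sign of a traffic-hijacking component: the browser hands every
        # request to the malware, which is how the search redirects show up.
        $loopback = ($p.ProxyServer -match '127\.0\.0\.1|localhost')
        $report += New-Object PSObject -Property @{
            Hive        = $sid
            ProxyEnable = $p.ProxyEnable
            ProxyServer = $p.ProxyServer
            Loopback    = $loopback
        }
    }
    return $report
}

function Get-TempStreams {
    param([string]$Path = 'C:\ProgramData\TEMP')
    if (-not (Test-Path -Path $Path)) { return @() }
    # Every NTFS file has the unnamed ':$DATA' stream; anything else is an ADS.
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Get-UserProxySettings | Format-Table Hive, ProxyEnable, ProxyServer, Loopback -AutoSize
Get-TempStreams | Format-Table -AutoSize
```

A clean result shows ProxyEnable 0 and an empty ProxyServer in each hive (as in the OTL log that follows) and no streams other than the unnamed one; any Loopback value of True means the hijack settings came back and the machine is not yet clean.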
  24. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    OTL log

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-513177211-2312190473-767099015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File C:\Users\Stephanie\AppData\Local\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt 1 not found.
    C:\ProgramData\dnk32af86pm3ibfhwdpn718537f4qpv130p30bwvxt1 moved successfully.
    C:\Users\Stephanie\AppData\Local\270ada28s631jp14y5rpx6e834418a01p1736 moved successfully.
    C:\ProgramData\270ada28s631jp14y5rpx6e834418a01p1736 moved successfully.
    C:\Users\Stephanie\AppData\Roaming\56959 folder moved successfully.
    C:\Users\Stephanie\AppData\Roaming\C2656 folder moved successfully.
    C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Stephanie\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Stephanie\AppData\Roaming\Uniblue folder moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Stephanie
    ->Temp folder emptied: 406517043 bytes
    ->Temporary Internet Files folder emptied: 1032534097 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 55977595 bytes
    ->Apple Safari cache emptied: 4176896 bytes
    ->Flash cache emptied: 4855 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 124 bytes
    RecycleBin emptied: 3632927 bytes

    Total Files Cleaned = 1,433.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Stephanie
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Stephanie
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.33.2 log created on 02232012_234509

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  25. Steph19

    Steph19 TS Rookie Topic Starter Posts: 22

    SecurityCheck log

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.2
    Spybot - Search & Destroy
    SpywareBlaster 4.2 Out of Date!
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
