TechSpot

PC Performance and Stability analysis report

By drewmon
May 23, 2011
  1. Help. I'm constantly getting a pop-up on my screen with the above message from a program called Windows 7 Recovery.
    Having read various people's problems, I now know I'm not the only one encountering this and have realised it's some kind of malware.
    So can anyone help me remove this, as I'm struggling to get the information I require? Thanks.

    I've run the anti-malware program that you recommend, which has been semi-successful in that it has stopped the pop-ups telling me I had all the problems. I have posted the results of the anti-malware scan below.


    www.malwarebytes.org

    Database version: 6644

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/23/2011 4:31:33 AM
    mbam-log-2011-05-23 (04-31-33).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 591180
    Time elapsed: 5 hour(s), 38 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\34987768.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
    c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\Users\drewmon\AppData\Local\Temp\tmp99BA.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\Users\drewmon\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1\41b70341-7f5724d9 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\Windows.old\Windows\Temp\Low\{c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
    c:\Windows.old\Windows\Temp\Low\{c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb}\fastbrowsersearchprotection.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
     
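As an added example that is not part of the thread (and not Malwarebytes' own tooling), here is a small Python parser for the MBAM 1.x log format pasted above. It pulls the per-section counts and the detection lines, checks that the counts agree with the lines actually listed (a pasted log that was cut off will fail this check), and groups the detections by threat family and by where on disk they were found. The sample log is an excerpt constructed in the same layout, carrying the six detections from the log above; the location labels are categories I chose for triage, not anything Malwarebytes reports.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of a Malwarebytes' Anti-Malware 1.x scan
# log; the six "Files Infected" entries are the ones from the log posted above.
SAMPLE_LOG = r"""
Scan type: Full scan (C:\|D:\|)
Objects scanned: 591180
Time elapsed: 5 hour(s), 38 minute(s), 8 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\programdata\34987768.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\drewmon\AppData\Local\Temp\tmp99BA.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\drewmon\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1\41b70341-7f5724d9 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\Temp\Low\{c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\Temp\Low\{c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb}\fastbrowsersearchprotection.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
"""

# "Files Infected: 6" is a summary count; "Files Infected:" opens the list.
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# <path> (<threat name>) -> <action taken>.
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Triage categories (my own labels); first matching needle wins.
LOCATION_RULES = (
    ("\\sun\\java\\deployment\\cache\\", "Java deployment cache"),
    ("\\appdata\\local\\temp\\", "user Temp folder"),
    ("\\windows.old\\", "Windows.old leftovers"),
    ("\\programdata\\", "ProgramData"),
)


def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'detections': [entry, ...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line == "(No malicious items detected)":
            continue  # scan metadata or an empty section
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return {"summary": summary, "detections": detections}


def summary_matches(parsed):
    """True when every 'X Infected: N' count equals the items listed under 'X Infected:'.
    A log that was truncated when pasted fails this check."""
    listed = Counter(d["section"] for d in parsed["detections"])
    return all(listed.get(sec, 0) == n for sec, n in parsed["summary"].items())


def classify_location(path):
    lower = path.lower()
    for needle, label in LOCATION_RULES:
        if needle in lower:
            return label
    return "other"


def triage(parsed):
    """Group detections by family and by drop location; list anything not removed."""
    dets = parsed["detections"]
    return {
        "by_family": Counter(d["threat"] for d in dets),
        "by_location": Counter(classify_location(d["path"]) for d in dets),
        "not_removed": [d["path"] for d in dets
                        if not d["action"].lower().startswith("quarantined and deleted")],
    }


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("counts consistent:", summary_matches(parsed))
    for key, value in triage(parsed).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The consistency check is the part worth keeping around: a helper reviewing a pasted log wants to know immediately whether the six files the summary promises are all on the page, and the location grouping shows at a glance that two of the entries live in Windows.old, i.e. in files left over from an earlier installation rather than in the running system.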
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    Antivirus and Malwarebytes' logs

    Avast antivirus logs:

    C:\Windows\System32\excoglib.dll
    Threat: Rootkit: hidden file

    C:\Windows\System32\voxocgif\keyucusb\subethex.dll
    Threat: Rootkit: hidden file

    C:\Users\drewmon\AppData\Local\Microsoft\Windows\TemporyInternetFiles\Low\Content.IE5\76LAWPU\5e174[1].pdf
    Threat: JS:pdfka-gen[Expl]

    C:\Users\drewmon\AppData\Local\Microsoft\Windosws\TemporaryInternetFiles\Low\Content.IE5\7YBQAYO8\roomkop4_com[1].htm
    Threat: HTML:Iframe-inf



    Malwarebytes’ logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6665

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/25/2011 12:42:22 AM
    mbam-log-2011-05-25 (00-42-22).txt

    Scan type: Quick scan
    Objects scanned: 190954
    Time elapsed: 11 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Go on.........
     
  5. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    gmer.log

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-25 01:05:17
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000060 ST325031 rev.4.AD
    Running: hywyfxhf.exe; Driver: C:\Users\MOM&DA~1\AppData\Local\Temp\fxdiifob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbd.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs tcpabmat.sys
    AttachedDevice \FileSystem\fastfat \Fat ssfs0bbd.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat tcpabmat.sys
    AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
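Reading a GMER "Devices" section by hand gets tedious once a few security products are installed, so here is an added example (not from the thread and not from GMER's authors) that parses the AttachedDevice lines from the log above. It lists which drivers sit on which file-system and TDI device objects, and separately reports any driver GMER printed with no product/vendor string, which in the log above is tcpabmat.sys. An unattributed filter driver is not evidence of anything by itself; it is simply the entry a helper will want to identify first. The sample is the Devices section copied from the log above, with the System section and footer kept so the parser has to skip them.

```python
import re
from collections import defaultdict

# Copied from the GMER log posted above; the non-device lines are left in so
# the parser is exercised on them.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbd.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs tcpabmat.sys
AttachedDevice \FileSystem\fastfat \Fat ssfs0bbd.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tcpabmat.sys
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
"""

# AttachedDevice <driver stack> <device object> <driver file> [(<product>/<vendor>)]
# The description may itself contain parentheses, so the greedy .* is anchored
# to the closing ")" at end of line.
ATTACHED_RE = re.compile(
    r"^AttachedDevice (?P<stack>\S+) (?P<device>\S+) (?P<driver>\S+)"
    r"(?: \((?P<desc>.*)\))?$"
)


def parse_gmer_devices(text):
    """Return one dict per AttachedDevice line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ATTACHED_RE.match(line.strip())
        if not m:
            continue
        desc = m.group("desc")
        product = vendor = None
        if desc:
            product, _, vendor = desc.partition("/")
            vendor = vendor or None  # description with no "/" has no vendor part
        entries.append({
            "stack": m.group("stack"),
            "device": m.group("device"),
            "driver": m.group("driver"),
            "product": product,
            "vendor": vendor,
        })
    return entries


def unattributed_drivers(entries):
    """Driver file names GMER printed without any product/vendor string."""
    return sorted({e["driver"] for e in entries if e["vendor"] is None})


def hooks_by_driver(entries):
    """Map each driver to the device objects it is attached to."""
    hooks = defaultdict(list)
    for e in entries:
        hooks[e["driver"]].append(e["device"])
    return {drv: sorted(devs) for drv, devs in hooks.items()}


if __name__ == "__main__":
    entries = parse_gmer_devices(SAMPLE_GMER)
    for drv, devs in hooks_by_driver(entries).items():
        print(f"{drv}: {', '.join(devs)}")
    print("no vendor string:", unattributed_drivers(entries))
```

Grouping by driver shows the shape of the stack at a glance: the Webroot and McAfee filters each attach to a predictable set of objects, fltmgr.sys is the normal Microsoft filter manager, and the one entry left over is the unnamed file on both NTFS and FAT, which is exactly the kind of item a helper cross-checks against the other logs before deciding anything.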
  6. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    Define script blocking protection

    Please tell me how to do this?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Do you use Spybot, or Windows Defender?
     
  8. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    Windows Defender
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.
     
  10. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    Is there a reason I should run Windows Defender and Malwarebytes' protection simultaneously, or should I disable one of them?

    Secondly, when I double click on dds, it's either running in the background or not running at all. I have not seen any logs or prompts from it. How long should I wait?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Unless you have the paid Malwarebytes version, it doesn't run in real time, so it doesn't bother anything.
    Windows Defender is a pretty much worthless program, so you can keep it disabled.

    I still need DDS logs.
     
  12. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    I did buy the full version. I could not get logs from the dds program. I downloaded it and double-clicked it. A few seconds later I saw a quick flash of a small black window, then nothing else.

    However, my IE just started working fast. It was really slow before.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You can still run MBAM along with your AV program. They won't bite each other.
    But you'd better disable Windows Defender.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    2011/05/26 05:07:52.0660 6208 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/26 05:07:52.0956 6208 ================================================================================
    2011/05/26 05:07:52.0956 6208 SystemInfo:
    2011/05/26 05:07:52.0956 6208
    2011/05/26 05:07:52.0956 6208 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/26 05:07:52.0956 6208 Product type: Workstation
    2011/05/26 05:07:52.0956 6208 ComputerName: DREWMON-PC
    2011/05/26 05:07:52.0956 6208 UserName: Mom & Dad
    2011/05/26 05:07:52.0956 6208 Windows directory: C:\Windows
    2011/05/26 05:07:52.0956 6208 System windows directory: C:\Windows
    2011/05/26 05:07:52.0956 6208 Processor architecture: Intel x86
    2011/05/26 05:07:52.0956 6208 Number of processors: 1
    2011/05/26 05:07:52.0956 6208 Page size: 0x1000
    2011/05/26 05:07:52.0956 6208 Boot type: Normal boot
    2011/05/26 05:07:52.0956 6208 ================================================================================
    2011/05/26 05:07:54.0235 6208 Initialize success
    2011/05/26 05:07:55.0951 1192 ================================================================================
    2011/05/26 05:07:55.0951 1192 Scan started
    2011/05/26 05:07:55.0951 1192 Mode: Manual;
    2011/05/26 05:07:55.0951 1192 ================================================================================
    2011/05/26 05:07:57.0386 1192 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/05/26 05:07:57.0480 1192 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/05/26 05:07:57.0574 1192 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/05/26 05:07:57.0683 1192 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/05/26 05:07:57.0854 1192 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/05/26 05:07:58.0057 1192 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/05/26 05:07:58.0291 1192 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/05/26 05:07:58.0354 1192 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/05/26 05:07:58.0432 1192 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/05/26 05:07:58.0681 1192 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/05/26 05:07:58.0775 1192 amacpi (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\DRIVERS\null.sys
    2011/05/26 05:07:58.0900 1192 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/05/26 05:07:59.0024 1192 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/05/26 05:07:59.0227 1192 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/26 05:07:59.0352 1192 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/05/26 05:07:59.0446 1192 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/05/26 05:07:59.0570 1192 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/05/26 05:07:59.0633 1192 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/05/26 05:07:59.0804 1192 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/05/26 05:08:00.0007 1192 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/05/26 05:08:00.0070 1192 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/05/26 05:08:00.0257 1192 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/05/26 05:08:00.0350 1192 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/05/26 05:08:00.0444 1192 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
    2011/05/26 05:08:00.0584 1192 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
    2011/05/26 05:08:00.0787 1192 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
    2011/05/26 05:08:00.0865 1192 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
    2011/05/26 05:08:00.0974 1192 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/26 05:08:01.0099 1192 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/05/26 05:08:01.0364 1192 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/05/26 05:08:01.0520 1192 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/05/26 05:08:01.0676 1192 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/05/26 05:08:01.0801 1192 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/05/26 05:08:01.0926 1192 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/26 05:08:02.0066 1192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/05/26 05:08:02.0144 1192 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/05/26 05:08:02.0269 1192 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/05/26 05:08:02.0316 1192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/05/26 05:08:02.0363 1192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/05/26 05:08:02.0425 1192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/05/26 05:08:02.0519 1192 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/26 05:08:02.0690 1192 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/26 05:08:02.0784 1192 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/26 05:08:02.0878 1192 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/05/26 05:08:02.0971 1192 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/05/26 05:08:03.0143 1192 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/26 05:08:03.0221 1192 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/05/26 05:08:03.0392 1192 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/05/26 05:08:03.0486 1192 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/26 05:08:03.0580 1192 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/05/26 05:08:03.0689 1192 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/05/26 05:08:03.0892 1192 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2011/05/26 05:08:04.0235 1192 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/26 05:08:04.0406 1192 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/05/26 05:08:04.0500 1192 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/05/26 05:08:04.0578 1192 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/05/26 05:08:04.0672 1192 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/05/26 05:08:04.0843 1192 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/05/26 05:08:04.0937 1192 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/26 05:08:05.0030 1192 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/26 05:08:05.0296 1192 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/05/26 05:08:05.0561 1192 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/05/26 05:08:05.0639 1192 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/05/26 05:08:05.0857 1192 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/05/26 05:08:05.0935 1192 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/05/26 05:08:06.0029 1192 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/26 05:08:06.0138 1192 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/26 05:08:06.0216 1192 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/05/26 05:08:06.0278 1192 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/26 05:08:06.0466 1192 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/26 05:08:06.0590 1192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/05/26 05:08:06.0637 1192 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/26 05:08:06.0778 1192 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/26 05:08:06.0856 1192 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/05/26 05:08:06.0934 1192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/26 05:08:07.0168 1192 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/05/26 05:08:07.0277 1192 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/26 05:08:07.0386 1192 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/26 05:08:07.0464 1192 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/05/26 05:08:07.0526 1192 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/26 05:08:07.0729 1192 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/05/26 05:08:07.0870 1192 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/26 05:08:08.0041 1192 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/05/26 05:08:08.0135 1192 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/05/26 05:08:08.0275 1192 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/05/26 05:08:08.0353 1192 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/26 05:08:08.0462 1192 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
    2011/05/26 05:08:08.0618 1192 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/05/26 05:08:08.0868 1192 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/26 05:08:09.0086 1192 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/05/26 05:08:09.0164 1192 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/26 05:08:09.0305 1192 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/26 05:08:09.0445 1192 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/05/26 05:08:09.0508 1192 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/05/26 05:08:09.0664 1192 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/05/26 05:08:09.0742 1192 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/05/26 05:08:09.0851 1192 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/26 05:08:09.0976 1192 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/26 05:08:10.0069 1192 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/26 05:08:10.0147 1192 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/26 05:08:10.0366 1192 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/05/26 05:08:10.0584 1192 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/26 05:08:10.0787 1192 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/05/26 05:08:10.0865 1192 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/05/26 05:08:11.0052 1192 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/05/26 05:08:11.0114 1192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/05/26 05:08:11.0302 1192 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/05/26 05:08:11.0395 1192 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
    2011/05/26 05:08:11.0582 1192 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/05/26 05:08:11.0660 1192 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/05/26 05:08:11.0832 1192 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/05/26 05:08:11.0910 1192 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/26 05:08:12.0004 1192 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/26 05:08:12.0097 1192 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/26 05:08:12.0175 1192 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/26 05:08:12.0316 1192 MPFP (4fc96dab9d75c1f544ba45ccbafcae7e) C:\Windows\system32\Drivers\Mpfp.sys
    2011/05/26 05:08:12.0409 1192 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/05/26 05:08:12.0565 1192 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/26 05:08:12.0674 1192 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/26 05:08:12.0752 1192 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/26 05:08:12.0893 1192 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/26 05:08:13.0049 1192 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/26 05:08:13.0158 1192 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/05/26 05:08:13.0267 1192 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/05/26 05:08:13.0486 1192 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/05/26 05:08:13.0564 1192 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/05/26 05:08:13.0657 1192 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/05/26 05:08:13.0766 1192 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/26 05:08:13.0907 1192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/26 05:08:14.0016 1192 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/26 05:08:14.0094 1192 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/26 05:08:14.0234 1192 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/26 05:08:14.0297 1192 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/26 05:08:14.0422 1192 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/05/26 05:08:14.0500 1192 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/05/26 05:08:14.0671 1192 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/26 05:08:14.0765 1192 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/05/26 05:08:14.0921 1192 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/05/26 05:08:14.0983 1192 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/26 05:08:15.0108 1192 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/26 05:08:15.0233 1192 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/26 05:08:15.0326 1192 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/26 05:08:15.0545 1192 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/26 05:08:15.0670 1192 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/26 05:08:16.0013 1192 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/05/26 05:08:16.0153 1192 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/05/26 05:08:16.0247 1192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/26 05:08:16.0450 1192 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/26 05:08:16.0559 1192 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/05/26 05:08:16.0668 1192 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
    2011/05/26 05:08:16.0980 1192 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/26 05:08:17.0401 1192 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
    2011/05/26 05:08:17.0495 1192 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
    2011/05/26 05:08:17.0838 1192 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/05/26 05:08:17.0932 1192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/26 05:08:18.0025 1192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/05/26 05:08:18.0103 1192 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/05/26 05:08:18.0244 1192 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/05/26 05:08:18.0337 1192 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/05/26 05:08:18.0509 1192 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/05/26 05:08:33.0235 1192 ================================================================================
    2011/05/26 05:08:33.0235 1192 Scan finished
    2011/05/26 05:08:33.0235 1192 ================================================================================
    2011/05/26 05:08:33.0251 6576 Detected object count: 0
    2011/05/26 05:08:33.0251 6576 Actual detected object count: 0
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    =====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool, if you downloaded it from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  16. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-26 19:47:16
    -----------------------------
    19:47:16.736 OS Version: Windows 6.1.7600
    19:47:16.736 Number of processors: 1 586 0x7F02
    19:47:16.736 ComputerName: DREWMON-PC UserName: Mom & Dad
    19:47:18.561 Initialize success
    19:47:20.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
    19:47:20.418 Disk 0 Vendor: ST325031 4.AD Size: 238418MB BusType: 3
    19:47:22.446 Disk 0 MBR read successfully
    19:47:22.461 Disk 0 MBR scan
    19:47:22.461 Disk 0 Windows 7 default MBR code
    19:47:24.489 Disk 0 scanning sectors +488278016
    19:47:24.505 Disk 0 scanning C:\Windows\system32\drivers
    19:47:31.478 Service scanning
    19:47:32.851 Disk 0 trace - called modules:
    19:47:32.867 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    19:47:32.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d43360]
    19:47:32.882 3 CLASSPNP.SYS[8ca7d59e] -> nt!IofCallDriver -> [0x867d2020]
    19:47:32.882 5 ACPI.sys[8400b3b2] -> nt!IofCallDriver -> \Device\00000060[0x867d2c68]
    19:47:32.882 Scan finished successfully
    19:47:58.560 Disk 0 MBR has been saved successfully to "C:\Users\Mom & Dad\Desktop\MBR.dat"
    19:47:58.575 The log file has been saved successfully to "C:\Users\Mom & Dad\Desktop\aswMBR.txt"


    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7600
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    ==============================================
    >Stealth
    ==============================================
    0xA3920F2E Unknown thread object [ ETHREAD 0x8687AD48 ] , 600 bytes
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    ComboFix 11-05-26.02 - Mom & Dad 05/27/2011 5:16.1.1 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3518.2364 [GMT -4:00]
    Running from: c:\users\Mom & Dad\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\SelectRebates
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\install.rdf
    c:\program files\SelectRebates\SelectAlerts.dat
    c:\program files\SelectRebates\SelectRebates.exe
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesA.dat
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesB.dat
    c:\program files\SelectRebates\SelectRebatesBT.dat
    c:\program files\SelectRebates\SelectRebatesDownload.exe
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\SRebates.dll
    c:\program files\SelectRebates\SRFF3.dll
    c:\program files\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files\SelectRebates\Toolbar\basis.xml
    c:\program files\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files\SelectRebates\Toolbar\Blank.bmp
    c:\program files\SelectRebates\Toolbar\CashBack.bmp
    c:\program files\SelectRebates\Toolbar\Coupons.bmp
    c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files\SelectRebates\Toolbar\icons.bmp
    c:\program files\SelectRebates\Toolbar\logo.bmp
    c:\program files\SelectRebates\Toolbar\logo_24.bmp
    c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files\SelectRebates\Toolbar\RightControls.dym
    c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files\SelectRebates\Toolbar\Scissors.bmp
    c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\windows\system32\comanbat.dll
    c:\windows\system32\disebsel.dll
    c:\windows\system32\svromime.exe
    .
    c:\windows\system32\userinit.exe . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-27 09:42 . 2011-05-27 09:42 -------- d-----w- c:\users\Mcx1-DREWMON-PC\AppData\Local\temp
    2011-05-27 09:42 . 2011-05-27 09:42 -------- d-----w- c:\users\drewmon\AppData\Local\temp
    2011-05-27 09:41 . 2011-05-27 09:46 -------- d-----w- c:\users\Mom & Dad\AppData\Local\temp
    2011-05-27 09:41 . 2011-05-27 09:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-27 09:41 . 2011-05-27 09:41 -------- d-----w- c:\users\Monroe Family\AppData\Local\temp
    2011-05-27 09:10 . 2011-05-27 09:10 -------- d-----w- C:\32788R22FWJFW
    2011-05-27 00:21 . 2011-05-27 00:21 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{CA08045C-6F40-424F-8F5E-CA456F87B60E}
    2011-05-26 10:31 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-26 03:02 . 1997-08-28 21:00 416768 ----a-w- c:\windows\system32\cpeaut32.dll
    2011-05-26 03:00 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
    2011-05-26 03:00 . 2011-05-26 03:00 -------- d-----w- c:\users\Mom & Dad\temp
    2011-05-25 23:07 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-25 22:19 . 2011-05-25 22:19 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{162F0102-53F9-41B8-924A-C166B72D3BAE}
    2011-05-25 06:55 . 2011-05-18 16:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22AB956D-2494-4224-8581-70D74C01C51C}\mpengine.dll
    2011-05-25 05:38 . 2011-05-25 05:38 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{50F51F28-3B71-406B-9CDA-59BBB9C22586}
    2011-05-25 01:27 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-25 01:27 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-25 01:27 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-25 01:27 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-25 01:27 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-25 01:27 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-25 01:26 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-25 01:26 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-25 01:26 . 2011-05-25 01:26 -------- d-----w- c:\programdata\AVAST Software
    2011-05-25 01:26 . 2011-05-25 01:26 -------- d-----w- c:\program files\AVAST Software
    2011-05-24 02:22 . 2011-05-24 02:22 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{EC204A63-3248-4196-9AC7-698C88A78A38}
    2011-05-23 08:35 . 2011-05-23 08:35 -------- d-----w- c:\users\drewmon\AppData\Roaming\Malwarebytes
    2011-05-22 23:47 . 2011-05-22 23:47 -------- d-----w- c:\users\Mom & Dad\AppData\Roaming\Malwarebytes
    2011-05-22 23:47 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-22 23:47 . 2011-05-22 23:47 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-22 23:47 . 2011-05-22 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-22 23:47 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-21 11:04 . 2011-05-21 11:05 -------- d--h--w- c:\users\drewmon\AppData\Local\{EBF7B340-B279-4EB9-87BB-D8644739B7F0}
    2011-05-20 23:04 . 2011-05-20 23:04 -------- d--h--w- c:\users\drewmon\AppData\Local\{3AF37AF7-F5D6-4AA0-8DEE-6C95F8392653}
    2011-05-20 23:02 . 2011-05-20 23:02 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{32560F2F-DC55-4592-A5AF-2B28C4C37892}
    2011-05-18 18:23 . 2011-05-18 18:23 -------- d-----w- c:\program files\Conduit
    2011-05-18 18:23 . 2011-05-18 18:23 -------- d-----w- c:\program files\Coupons.com
    2011-05-18 13:49 . 2011-05-18 13:49 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{75B55CB4-4910-49D8-A1D7-0F7C21E2FA56}
    2011-05-18 01:48 . 2011-05-18 01:49 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{E8A8581E-A8E5-42AE-B1F6-1333CF34E3D7}
    2011-05-18 01:46 . 2011-05-18 01:47 -------- d--h--w- c:\users\drewmon\AppData\Local\{43D75651-A8E1-43D8-B293-162C16750BD3}
    2011-05-16 21:14 . 2011-05-16 21:14 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{B7E235A8-08E8-417A-A5A5-8A58C680750C}
    2011-05-11 10:20 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 10:20 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 08:54 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 08:54 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 08:54 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 08:54 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 08:54 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 08:54 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 08:54 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-08 16:18 . 2011-05-08 16:18 -------- d--h--w- c:\users\drewmon\AppData\Local\{3B5FE1A7-F820-4018-902B-4D19255E553A}
    2011-05-08 16:09 . 2011-05-08 16:10 -------- d-----w- c:\users\Mom & Dad\AppData\Local\{B2A5FEBE-ABEB-4D03-AA47-DC2B84AFDD2D}
    2011-05-05 22:41 . 2011-05-05 22:41 -------- d-----w- c:\program files\Common Files\Java
    2011-05-05 22:41 . 2011-05-05 22:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-05 22:40 . 2011-05-05 22:40 -------- d-----w- c:\program files\Java
    2011-05-04 21:06 . 2011-05-04 21:06 -------- d--h--w- c:\users\drewmon\AppData\Local\{C577A6B8-B311-4817-9080-9CD6CF684C2B}
    2011-05-02 01:25 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-05-02 01:24 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-05-02 01:24 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-05-02 01:24 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-05-02 01:24 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
    2011-05-02 01:24 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-05-02 01:24 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-05-02 01:24 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-05-02 01:24 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-05-02 01:24 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
    2011-04-30 21:26 . 2011-04-30 21:26 -------- d--h--w- c:\users\drewmon\AppData\Local\{E98EB52A-A7FA-46D9-8136-B059C463187B}
    2011-04-30 19:02 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-05 15:39 . 2011-04-21 15:34 525856 ----a-w- c:\users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    2011-04-13 00:05 . 2011-04-13 00:05 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-13 00:05 . 2011-04-13 00:05 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-03-11 05:40 . 2011-04-14 22:14 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:40 . 2011-04-14 22:14 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 07:02 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-08 05:38 . 2011-04-14 22:15 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 05:29 . 2011-04-14 22:17 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:27 . 2011-04-14 22:17 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:31 . 2011-04-14 22:16 2331136 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\tbCoup.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
    2010-12-09 16:51 3911776 ----a-w- c:\program files\Coupons.com\tbCoup.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\tbCoup.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\tbCoup.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^drewmon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\drewmon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-02-26 14:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
    S0 ssfs0bbd;ssfs0bbd;c:\windows\system32\DRIVERS\ssfs0bbd.sys [2010-05-06 28936]
    S0 tcpabmat;tcpabmat;c:\windows\system32\DRIVERS\tcpabmat.sys [2009-07-14 44544]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-05-26 132464]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} - hxxps://myaccount.cox.net/internettools/scripts/Inspector.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2234436012-652195838-273927476-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2234436012-652195838-273927476-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\RunDll32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-27 05:58:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-27 09:58
    .
    Pre-Run: 22,966,202,368 bytes free
    Post-Run: 36,278,022,144 bytes free
    .
    - - End Of File - - 81AF4015032161C4C2B38A155367BB58
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      userinit.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  20. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    SystemLook 04.09.10 by jpshortstuff
    Log created at 22:32 on 27/05/2011 by Mom & Dad
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "userinit.exe"
    C:\Windows\ERDNT\cache\userinit.exe --a---- 26112 bytes [09:56 27/05/2011] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
    C:\Windows\System32\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
    C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
    C:\Windows.old\Windows\System32\userinit.exe --a---- 25088 bytes [02:34 21/01/2008] [02:34 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
    C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:34 21/01/2008] [02:34 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

    -= EOF =-

    Also, the computer is acting slow again.
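The filefind results above can be checked mechanically. The following is an added example (my code, not SystemLook's or the thread's): it parses result lines in SystemLook's filefind format and checks that the live System32 copy has the same size and MD5 as the WinSxS reference copy of the current install, treating Windows.old copies as a separate, older build. The sample log is the one posted above; the tampered variant is constructed.

```python
"""Cross-check the copies of a system binary reported by SystemLook ':filefind'.

Added example, not part of the original thread and not code from SystemLook.
"""
import re

# Sample input: the result lines from the SystemLook log posted in the thread.
SAMPLE_LOG = r"""
Searching for "userinit.exe"
C:\Windows\ERDNT\cache\userinit.exe --a---- 26112 bytes [09:56 27/05/2011] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\System32\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows.old\Windows\System32\userinit.exe --a---- 25088 bytes [02:34 21/01/2008] [02:34 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:34 21/01/2008] [02:34 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
-= EOF =-
"""

# Constructed variant (not real data): the live System32 line has a different size and MD5,
# which is what a replaced or patched binary would look like in the same log format.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "System32\\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175",
    "System32\\userinit.exe --a---- 27648 bytes [03:10 26/05/2011] [01:14 14/07/2009] 00000000000000000000000000000000",
)

# One result line: <path> <attribute flags> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def classify(path):
    """Label a hit by where it lives; this decides what gets compared with what."""
    p = path.lower().replace("/", "\\")
    if "\\windows.old\\" in p:
        return "previous-install"  # earlier Windows build, legitimately different
    if "\\winsxs\\" in p:
        return "winsxs"            # component store: the servicing reference copy
    if "\\erdnt\\" in p:
        return "erdnt-backup"      # backup folder created by ComboFix before it changed anything
    if "\\system32\\" in p:
        return "live"              # the copy Winlogon actually starts
    return "other"


def parse_filefind(log_text):
    """Return one dict per result line; headers and the EOF marker are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].lower()
            rec["role"] = classify(rec["path"])
            hits.append(rec)
    return hits


def check_live_copy(hits):
    """Compare the live System32 copy with the WinSxS copies of the current install.

    Windows can keep several WinSxS versions of one component after updates, so the live
    file is accepted if it matches any of them (size and MD5). Matching none of them is
    the finding worth following up; the ERDNT backup is counted only as extra evidence.
    """
    current = [h for h in hits if h["role"] != "previous-install"]
    live = [h for h in current if h["role"] == "live"]
    refs = [h for h in current if h["role"] == "winsxs"]
    if not live:
        return {"status": "no-live-copy"}
    if not refs:
        return {"status": "no-reference-copy", "live_md5": live[0]["md5"]}
    l = live[0]
    if any(r["md5"] == l["md5"] and r["size"] == l["size"] for r in refs):
        backups = [h for h in current if h["role"] == "erdnt-backup" and h["md5"] == l["md5"]]
        return {"status": "consistent", "md5": l["md5"],
                "winsxs_copies": len(refs), "matching_backups": len(backups)}
    return {"status": "mismatch", "live_md5": l["md5"], "live_size": l["size"],
            "reference_md5s": sorted({r["md5"] for r in refs})}


if __name__ == "__main__":
    print("posted log:  ", check_live_copy(parse_filefind(SAMPLE_LOG)))
    print("tampered log:", check_live_copy(parse_filefind(TAMPERED_LOG)))
```

A "consistent" result only says the live file agrees with the component store copy; a binary that is flagged by a scanner but still matches WinSxS points at a false positive or at something other than the file itself (a hook, a loader entry), which is what the VirusTotal step later in the thread goes on to check.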
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Open Windows Explorer. Go to Tools>Folder Options>View tab, and put a checkmark next to Show hidden files, and folders.
    Upload the following files to http://www.virustotal.com/ for security check:
    - c:\windows\system32\userinit.exe
    IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post scan results.
     
  22. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is malware.
    File name: userinit.exe
    Submission date: 2011-05-28 10:30:40 (UTC)
    Current status: queued (#58) queued (#60) analysing finished


    Result: 0/ 42 (0.0%)
    VT Community

    malware
    Safety score: 0.0%
    Antivirus Version Last Update Result
    AhnLab-V3 2011.05.28.00 2011.05.28 -
    AntiVir 7.11.8.160 2011.05.27 -
    Antiy-AVL 2.0.3.7 2011.05.28 -
    Avast 4.8.1351.0 2011.05.28 -
    Avast5 5.0.677.0 2011.05.28 -
    AVG 10.0.0.1190 2011.05.28 -
    BitDefender 7.2 2011.05.28 -
    CAT-QuickHeal 11.00 2011.05.28 -
    ClamAV 0.97.0.0 2011.05.28 -
    Commtouch 5.3.2.6 2011.05.28 -
    Comodo 8866 2011.05.28 -
    DrWeb 5.0.2.03300 2011.05.28 -
    eSafe 7.0.17.0 2011.05.26 -
    eTrust-Vet 36.1.8353 2011.05.27 -
    F-Prot 4.6.2.117 2011.05.27 -
    F-Secure 9.0.16440.0 2011.05.28 -
    Fortinet 4.2.257.0 2011.05.28 -
    GData 22 2011.05.28 -
    Ikarus T3.1.1.104.0 2011.05.28 -
    Jiangmin 13.0.900 2011.05.27 -
    K7AntiVirus 9.104.4730 2011.05.27 -
    Kaspersky 9.0.0.837 2011.05.28 -
    McAfee 5.400.0.1158 2011.05.28 -
    McAfee-GW-Edition 2010.1D 2011.05.28 -
    Microsoft 1.6903 2011.05.28 -
    NOD32 6159 2011.05.28 -
    Norman 6.07.07 2011.05.26 -
    nProtect 2011-05-28.01 2011.05.28 -
    Panda 10.0.3.5 2011.05.27 -
    PCTools 7.0.3.5 2011.05.19 -
    Prevx 3.0 2011.05.28 -
    Rising 23.59.04.03 2011.05.27 -
    Sophos 4.65.0 2011.05.28 -
    SUPERAntiSpyware 4.40.0.1006 2011.05.28 -
    Symantec 20111.1.0.186 2011.05.28 -
    TheHacker 6.7.0.1.211 2011.05.27 -
    TrendMicro 9.200.0.1012 2011.05.28 -
    TrendMicro-HouseCall 9.200.0.1012 2011.05.28 -
    VBA32 3.12.16.0 2011.05.27 -
    VIPRE 9413 2011.05.28 -
    ViRobot 2011.5.28.4484 2011.05.28 -
    VirusBuster 13.6.374.0 2011.05.27 -
    Additional information
    MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
    SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
    SHA256: 7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a
    ssdeep: 384:Oj+CsDNjesrHdlvJhRLYZpgKeGf5F/hyWeR22PXG/7LKpuZeRsJCKWuVymWB:OxstZlRhNYZpgpuFeR22vo7L3O1
    File size : 26112 bytes
    First seen: 2009-08-11 16:56:55
    Last seen : 2011-05-28 10:30:40
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Userinit Logon Application
    original name: USERINIT.EXE
    internal name: userinit
    file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x2B4E
    timedatestamp....: 0x4A5BC47B (Mon Jul 13 23:34:19 2009)
    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x4CC9, 0x4E00, 6.08, 42103130bcecb40c949779c1a865ac9a
    .data, 0x6000, 0x4E8, 0x600, 0.87, 33d7907333f0fbf9350ce65ced1af048
    .rsrc, 0x7000, 0x778, 0x800, 4.05, cb2b29ba8fea6ee6f3666d8bf554071f
    .reloc, 0x8000, 0x410, 0x600, 5.22, ae619042157784c4e0538bf811d6d473

    [[ 7 import(s) ]]
    ntdll.dll: DbgPrint, RtlInitUnicodeString, NtOpenKey, NtClose
    API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegCreateKeyExW, RegDeleteTreeW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegQueryInfoKeyW
    API_MS_Win_Core_ProcessThreads_L1_1_0.dll: SetThreadPriority, GetCurrentThread, CreateThread, GetCurrentProcess, CreateProcessW, OpenProcessToken
    USER32.dll: CharNextW, GetKeyboardLayout, GetSystemMetrics, ExitWindowsEx, MessageBoxW, LoadStringW, LoadRemoteFonts, DefWindowProcW, RegisterClassExW, DestroyWindow, CreateWindowExW, SystemParametersInfoW
    USERENV.dll: -
    msvcrt.dll: _ismbblead, _XcptFilter, _exit, _cexit, exit, _wcsicmp, memset, memmove, _vsnwprintf, _initterm, _acmdln, _amsg_exit, __setusermatherr, __p__fmode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, __getmainargs, __p__commode
    KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedExchange, LoadLibraryA, RegOpenKeyExA, RegQueryValueExA, ExpandEnvironmentStringsA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, HeapSetInformation, SetCurrentDirectoryW, FormatMessageW, GetFileAttributesExW, GetSystemDirectoryW, SetLastError, ExpandEnvironmentStringsW, GetUserDefaultLangID, SetEvent, OpenEventW, Sleep, WaitForSingleObject, CloseHandle, GetLastError, SetEnvironmentVariableW, SearchPathW, GetCurrentThreadId, CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, GetEnvironmentVariableW, LocalAlloc, LocalFree, GetVersionExW, lstrlenW

    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 19968
    CompanyName: Microsoft Corporation
    EntryPoint: 0x2b4e
    FileDescription: Userinit Logon Application
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 26 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    FileVersionNumber: 6.1.7600.16385
    ImageVersion: 6.1
    InitializedDataSize: 5120
    InternalName: userinit
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 9.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 6.1
    ObjectFileType: Executable application
    OriginalFilename: USERINIT.EXE
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 6.1.7600.16385
    ProductVersionNumber: 6.1.7600.16385
    Subsystem: Windows GUI
    SubsystemVersion: 6.1
    TimeStamp: 2009:07:14 01:34:19+02:00
    UninitializedDataSize: 0
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very well :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. drewmon

    drewmon TS Rookie Topic Starter Posts: 29

    OTL logfile created on: 5/28/2011 7:20:29 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Mom & Dad\Desktop
    An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.44 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 72.00% Memory free
    6.87 Gb Paging File | 5.96 Gb Available in Paging File | 86.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 33.98 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 0.00 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
    Drive E: | 6.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DREWMON-PC | User Name: Mom & Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
    PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/08/19 18:29:18 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
    PRC - [2010/05/26 19:30:10 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
    MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/08/21 03:01:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/26 19:30:10 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/05/06 18:50:02 | 000,118,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2010/05/06 18:50:02 | 000,023,560 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2010/05/06 18:50:00 | 000,028,936 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbd.sys -- (ssfs0bbd)
    DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 21:16:20 | 000,044,544 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\tcpabmat.sys -- (tcpabmat)
    DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 4A 1C CB 56 96 CB 01 [binary data]
    IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2011/05/27 05:45:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://dnet-i2.dom.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab (CAssessmentCtl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18 - Protocol\Handler\vsharechrome - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/28 19:18:29 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
    [2011/05/27 05:58:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/27 05:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\temp
    [2011/05/27 05:41:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/27 05:11:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/27 05:11:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/27 05:11:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/27 05:10:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/27 05:10:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/27 05:10:36 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/27 05:05:42 | 004,295,610 | R--- | C] (Swearware) -- C:\Users\Mom & Dad\Desktop\ComboFix.exe
    [2011/05/26 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{CA08045C-6F40-424F-8F5E-CA456F87B60E}
    [2011/05/26 19:47:00 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Mom & Dad\Desktop\aswMBR.exe
    [2011/05/25 23:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSpice Student
    [2011/05/25 23:03:00 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
    [2011/05/25 23:03:00 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
    [2011/05/25 23:03:00 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
    [2011/05/25 23:03:00 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
    [2011/05/25 23:02:59 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
    [2011/05/25 23:02:59 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
    [2011/05/25 23:02:59 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
    [2011/05/25 23:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
    [2011/05/25 23:02:58 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
    [2011/05/25 23:00:27 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\temp
    [2011/05/25 19:06:15 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Mom & Dad\Desktop\dds.scr
    [2011/05/25 18:33:46 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\Desktop\drewmon
    [2011/05/25 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{162F0102-53F9-41B8-924A-C166B72D3BAE}
    [2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mom & Dad\Desktop\TDSSKiller.exe
    [2011/05/25 01:38:44 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{50F51F28-3B71-406B-9CDA-59BBB9C22586}
    [2011/05/24 21:27:40 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/05/24 21:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/05/24 21:27:39 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/05/24 21:27:36 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/05/24 21:27:36 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/05/24 21:27:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/05/24 21:27:32 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/05/24 21:26:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/05/24 21:26:26 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/24 21:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/05/24 21:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/05/23 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{EC204A63-3248-4196-9AC7-698C88A78A38}
    [2011/05/22 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Roaming\Malwarebytes
    [2011/05/22 19:47:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/22 19:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/22 19:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/22 19:47:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/22 19:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/20 19:02:43 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{32560F2F-DC55-4592-A5AF-2B28C4C37892}
    [2011/05/18 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/05/18 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons.com
    [2011/05/18 09:49:21 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{75B55CB4-4910-49D8-A1D7-0F7C21E2FA56}
    [2011/05/17 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{E8A8581E-A8E5-42AE-B1F6-1333CF34E3D7}
    [2011/05/16 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{B7E235A8-08E8-417A-A5A5-8A58C680750C}
    [2011/05/08 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{B2A5FEBE-ABEB-4D03-AA47-DC2B84AFDD2D}
    [2011/05/05 18:41:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun
    [2011/05/05 18:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/05/05 18:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java

    ========== Files - Modified Within 30 Days ==========

    [2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
    [2011/05/28 16:25:55 | 000,021,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/28 16:25:55 | 000,021,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/28 16:24:40 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/28 16:24:40 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/28 16:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/28 16:17:24 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/27 22:32:20 | 000,075,264 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\SystemLook.exe
    [2011/05/27 05:45:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/27 05:05:50 | 004,295,610 | R--- | M] (Swearware) -- C:\Users\Mom & Dad\Desktop\ComboFix.exe
    [2011/05/26 19:54:28 | 000,040,694 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE report
    [2011/05/26 19:48:28 | 000,133,632 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE.EXE
    [2011/05/26 19:47:58 | 000,000,512 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\MBR.dat
    [2011/05/26 19:47:04 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Mom & Dad\Desktop\aswMBR.exe
    [2011/05/26 05:07:09 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom & Dad\Desktop\TDSSKiller.exe
    [2011/05/26 05:05:23 | 001,301,452 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\tdsskiller.zip
    [2011/05/25 23:46:47 | 000,002,700 | ---- | M] () -- C:\Windows\PSPICEEV.INI
    [2011/05/25 23:12:47 | 000,001,098 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\Capture Student.lnk
    [2011/05/25 19:06:28 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Mom & Dad\Desktop\dds.scr
    [2011/05/25 18:58:40 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/05/25 18:58:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/05/25 00:57:04 | 000,302,080 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
    [2011/05/22 19:47:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/22 17:39:39 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~34987768
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/05/03 14:36:18 | 000,027,588 | ---- | M] () -- C:\Windows\System32\tmpextbl.dll

    ========== Files Created - No Company Name ==========

    [2011/05/27 22:32:19 | 000,075,264 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\SystemLook.exe
    [2011/05/27 05:11:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/27 05:11:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/27 05:11:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/27 05:11:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/27 05:11:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/26 19:54:28 | 000,040,694 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE report
    [2011/05/26 19:48:24 | 000,133,632 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE.EXE
    [2011/05/26 19:47:58 | 000,000,512 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\MBR.dat
    [2011/05/26 05:05:16 | 001,301,452 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\tdsskiller.zip
    [2011/05/25 23:12:47 | 000,001,098 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\Capture Student.lnk
    [2011/05/25 23:03:01 | 000,002,700 | ---- | C] () -- C:\Windows\PSPICEEV.INI
    [2011/05/25 23:03:00 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
    [2011/05/25 23:03:00 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
    [2011/05/25 23:03:00 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
    [2011/05/25 23:03:00 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
    [2011/05/25 23:03:00 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
    [2011/05/25 23:02:59 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
    [2011/05/25 23:02:59 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
    [2011/05/25 23:02:59 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
    [2011/05/25 23:02:59 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
    [2011/05/25 23:02:59 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
    [2011/05/25 23:02:59 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
    [2011/05/25 23:02:59 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
    [2011/05/25 23:02:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
    [2011/05/25 23:02:59 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
    [2011/05/25 23:02:59 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
    [2011/05/25 23:02:59 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
    [2011/05/25 00:56:59 | 000,302,080 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
    [2011/05/24 21:27:40 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/05/22 19:47:40 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/22 17:39:36 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~34987768
    [2011/03/12 21:47:48 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/01/30 20:49:52 | 000,000,093 | ---- | C] () -- C:\Windows\ka.ini
    [2011/01/30 20:40:27 | 000,000,038 | ---- | C] () -- C:\Windows\p4k.ini
    [2010/08/26 16:42:33 | 000,027,588 | ---- | C] () -- C:\Windows\System32\tmpextbl.dll
    [2010/08/25 15:07:01 | 000,165,665 | ---- | C] () -- C:\Windows\hpoins28.dat
    [2010/08/25 15:07:01 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
    [2010/08/18 23:18:04 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
    [2010/08/18 23:18:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\maplec.dll
    [2010/08/18 23:18:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 00:33:53 | 000,329,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 22:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 22:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 19:55:01 | 006,623,232 | ---- | C] () -- C:\Windows\System32\msulexc.exe
    [2009/07/13 19:55:01 | 001,671,168 | ---- | C] () -- C:\Windows\System32\winahurl.dll
    [2009/07/13 19:55:01 | 001,331,200 | ---- | C] () -- C:\Windows\System32\dskikvga.dll
    [2009/07/13 19:55:01 | 000,313,782 | ---- | C] () -- C:\Windows\System32\wowocwin32.dll
    [2009/07/13 19:55:01 | 000,044,544 | ---- | C] () -- C:\Windows\System32\drivers\tcpabmat.sys
    [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/05/25 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\gtk-2.0
    [2011/05/25 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\Juniper Networks
    [2011/05/25 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\Maple
    [2010/08/19 00:25:46 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\National Instruments
    [2010/09/17 12:56:57 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\Windows Live Writer
    [2011/04/21 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Catalina Marketing Corp
    [2011/01/24 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Juniper Networks
    [2010/09/26 08:11:00 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Maple
    [2011/01/07 02:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Windows Live Writer
    [2011/05/11 20:19:20 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/08/19 01:58:55 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/27 05:58:42 | 000,018,933 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/11/13 23:05:24 | 000,005,060 | RH-- | M] () -- C:\dell.sdr
    [2011/05/28 16:17:24 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/30 20:39:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/30 20:39:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/28 16:17:26 | 3689,406,464 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/26 05:11:12 | 000,067,614 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_26.05.2011_05.07.52_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 21:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/07 03:05:54 | 000,000,221 | -HS- | M] () -- C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/03 13:25:02 | 003,018,064 | ---- | M] (Siber Systems) -- C:\Users\Mom & Dad\Desktop\AiRoboForm.exe
    [2011/05/26 19:47:04 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Mom & Dad\Desktop\aswMBR.exe
    [2011/05/27 05:05:50 | 004,295,610 | R--- | M] (Swearware) -- C:\Users\Mom & Dad\Desktop\ComboFix.exe
    [2011/05/25 00:57:04 | 000,302,080 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
    [2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
    [2011/05/26 19:48:28 | 000,133,632 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE.EXE
    [2011/05/27 22:32:20 | 000,075,264 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\SystemLook.exe
    [2011/05/26 05:07:09 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom & Dad\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/09 19:43:26 | 000,000,402 | -HS- | M] () -- C:\Users\Mom & Dad\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/09 21:09:11 | 000,001,807 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/03/12 21:47:49 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/05/22 17:39:39 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~34987768

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
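The file-entry lines in the log above (`[date | size | attrs | M/C] (company) -- path`) are what a malware-removal helper reads by eye: hidden or system attributes on files that should not have them, loose files in the root of ProgramData (the `~34987768` stub matches the `34987768.exe` rogue MBAM already quarantined), executables under `%SystemRoot%` with no company name, and randomly-named unsigned EXEs. The Python below is an added triage example, not part of drewmon's posts and not OTL's own code: it parses that entry format and applies those four heuristics. The `KNOWN_HIDDEN` allow-list and the rule thresholds are this example's own assumptions, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file entry, as the log above prints it:
#   [YYYY/MM/DD HH:MM:SS | 000,000,040 | -H-- | M] (Company) -- C:\path
# attrs are four flag slots drawn from R (read-only), H (hidden), S (system),
# D (directory) or '-'; the trailing M/C says whether the timestamp is the
# modified or created time. Directory lines carry no "(company)" part.
ENTRY_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Files that are legitimately hidden/system on a Windows 7 system drive
# (assumed allow-list for this example; extend it for your own baseline).
KNOWN_HIDDEN = {
    "desktop.ini", "bootmgr", "bootsect.bak", "hiberfil.sys", "pagefile.sys",
    "io.sys", "msdos.sys", "ntuser.pol", "bootstat.dat", "dell.sdr",
}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for headers and other lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage_entry(e: OtlEntry) -> List[str]:
    """Return the heuristic reasons an entry deserves a second look."""
    reasons: List[str] = []
    if "D" in e.attrs:  # directories are judged by their contents, not here
        return reasons
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    if ("H" in e.attrs or "S" in e.attrs) and name not in KNOWN_HIDDEN:
        reasons.append("hidden/system attribute on a non-standard file")
    if low.startswith("c:\\programdata\\") and low.count("\\") == 2:
        reasons.append("loose file in the root of ProgramData")
    if name.endswith(EXEC_EXT) and not e.company and low.startswith("c:\\windows\\"):
        reasons.append("executable under %SystemRoot% with no company name")
    if not e.company and re.fullmatch(r"[a-z]{8,}\.exe", name):
        reasons.append("random-looking unsigned executable name")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an OTL log to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Sample input: six entry lines copied from the log above plus one section header.
SAMPLE_LOG = r"""
    [2011/05/22 17:39:39 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~34987768
    [2011/05/25 00:57:04 | 000,302,080 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
    [2011/05/28 16:17:24 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/05/03 14:36:18 | 000,027,588 | ---- | M] () -- C:\Windows\System32\tmpextbl.dll
    [2011/05/25 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\gtk-2.0
    ========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Hits are leads, not verdicts: the no-company rule also fires on the DLLs created alongside `PSPICEEV.INI` at 23:03 on 2011/05/25, and a randomly named desktop EXE such as `hywyfxhf.exe` may just as well be a cleaning tool renamed on a helper's instructions, so hash-check each hit before acting on it.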
     
  25. drewmon

    OTL Extras logfile created on: 5/28/2011 7:20:29 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Mom & Dad\Desktop
    An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.44 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 72.00% Memory free
    6.87 Gb Paging File | 5.96 Gb Available in Paging File | 86.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.78 Gb Total Space | 33.98 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 0.00 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
    Drive E: | 6.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DREWMON-PC | User Name: Mom & Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{035FDE60-7CEC-4C60-9B7B-84B9CE3AC6AB}" = WRSSMini
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30320C4A-0358-11D6-A7DD-E0E0ECBBEB2A}" = Phonics 4 Kids Advanced Flash Cards
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
    "{398169AD-EB4F-4C76-A6F1-8BF9178D8D57}" = QICii_USB
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "avast" = avast! Free Antivirus
    "Caillou's Preschool" = Caillou's Preschool
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Coupons.com Toolbar" = Coupons.com Toolbar
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "JumpStart Advanced Kindergarten" = JumpStart Advanced Kindergarten
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Maple 13" = Maple 13
    "MatlabR2010a" = MATLAB Student R2010a
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Phonics 4 Kids Video" = Phonics 4 Kids Video
    "PSpice Student" = PSpice Student 9.1
    "Shop for HP Supplies" = Shop for HP Supplies
    "SystemRequirementsLab" = System Requirements Lab
    "Veetle TV" = Veetle TV 0.9.17
    "vShare" = vShare Plugin
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/24/2011 9:07:12 PM | Computer Name = drewmon-PC | Source = McLogEvent | ID = 5004
    Description =

    Error - 5/24/2011 9:07:12 PM | Computer Name = drewmon-PC | Source = McLogEvent | ID = 5022
    Description =

    Error - 5/24/2011 9:07:12 PM | Computer Name = drewmon-PC | Source = McLogEvent | ID = 5004
    Description =

    Error - 5/24/2011 9:07:12 PM | Computer Name = drewmon-PC | Source = McLogEvent | ID = 5022
    Description =

    Error - 5/25/2011 12:15:13 AM | Computer Name = drewmon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
    time stamp: 0x4d6878c3 Faulting module name: excoglib.dll, version: 0.0.0.0, time
    stamp: 0x4ce16a31 Exception code: 0xc0000005 Fault offset: 0x00087260 Faulting process
    id: 0xcb8 Faulting application start time: 0x01cc1a91c74fc680 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\excoglib.dll
    Report
    Id: 95f14bd0-8685-11e0-964e-00217049e63b

    Error - 5/25/2011 1:09:34 AM | Computer Name = drewmon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: msxml3.dll, version: 8.110.7600.16723,
    time stamp: 0x4d103aab Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
    process id: 0xc5c Faulting application start time: 0x01cc1a99ebc2a430 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\msxml3.dll
    Report
    Id: 2d9bf870-868d-11e0-9144-00217049e63b

    Error - 5/25/2011 11:10:00 AM | Computer Name = drewmon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: msvcrt.dll, version: 7.0.7600.16385,
    time stamp: 0x4a5bda6f Exception code: 0x40000015 Fault offset: 0x00056202 Faulting
    process id: 0xac4 Faulting application start time: 0x01cc1ae5cf270680 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
    Id: 0eb22b60-86e1-11e0-b2b8-00217049e63b

    Error - 5/25/2011 7:42:06 PM | Computer Name = drewmon-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16766 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8dc Start
    Time: 01cc1b2f92555320 Termination Time: 0 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 5/27/2011 8:52:07 PM | Computer Name = drewmon-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16766 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ea60 Start
    Time: 01cc1ccccb494300 Termination Time: 16 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 5/28/2011 1:26:20 PM | Computer Name = drewmon-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16766 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: bbc Start
    Time: 01cc1d4831159aa0 Termination Time: 0 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    [ Media Center Events ]
    Error - 12/28/2010 8:38:55 PM | Computer Name = drewmon-PC | Source = MCUpdate | ID = 0
    Description = 7:38:51 PM - Failed to retrieve Directory (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    Error - 3/12/2011 9:45:13 PM | Computer Name = drewmon-PC | Source = Microsoft-Windows-Media Center Extender | ID = 550
    Description =

    Error - 5/16/2011 8:39:58 PM | Computer Name = drewmon-PC | Source = MCUpdate | ID = 0
    Description = 8:39:58 PM - Failed to retrieve Directory (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    [ System Events ]
    Error - 5/2/2011 1:21:28 PM | Computer Name = drewmon-PC | Source = DCOM | ID = 10010
    Description =

    Error - 5/2/2011 7:31:47 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:47 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:48 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:48 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:48 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:48 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:48 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:56 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.

    Error - 5/2/2011 7:31:56 PM | Computer Name = drewmon-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 47.


    < End of report >