TechSpot

Redirect from Google search to AskTheCrew ad site

By cr1100
Feb 10, 2012
Hello, having the same problem another user had. I run a search on google, and the search returns links which redirect me to the ad site AskTheCrew. I tried to post this in an existing thread, but it's not allowing me to do so, so apologies for starting a new thread.

    I went ahead and followed the 5 steps and have the logs which were created. Here they are:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.10.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ro Family :: ROFAMILY-PC [administrator]

    Protection: Enabled

    2/9/2012 10:35:40 PM
    mbam-log-2012-02-09 (22-35-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217253
    Time elapsed: 7 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-09 22:48:52
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200BEVT-75ZCT0 rev.11.01A11
    Running: kl8ntf7p.exe; Driver: C:\Users\ROFAMI~1\AppData\Local\Temp\axliikow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Ro Family at 22:51:19 on 2012-02-09
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1240 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\LogonUI.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Windows\notepad.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://compass.illinois.edu/webct/entryPageIns.dowebct
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [EPSON WorkForce 520 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_SA9D5.tmp" /EF "HKCU"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\rofami~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 71.37.179.38 69.145.232.32 69.144.49.29
    TCP: Interfaces\{7C7DF159-52A2-4DAE-B9C3-EC7F06D2FDC2} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947} : DhcpNameServer = 71.37.179.38 69.145.232.32 69.144.49.29
    TCP: Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947}\14679616E6F60234F666665656 : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947}\17773383035357 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947}\3416E646C65677F6F646F57496C6C656474756 : DhcpNameServer = 172.16.0.1
    TCP: Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947}\34F6D6D6F6E6027427F657E646370223 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947}\354434F57457563747 : DhcpNameServer = 8.8.8.8 4.2.2.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ro family\appdata\roaming\mozilla\firefox\profiles\s6gvcq3w.default\
    FF - prefs.js: browser.startup.homepage - www.espn.com
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\ro family\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\ro family\appdata\roaming\mozilla\firefox\profiles\s6gvcq3w.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
    FF - plugin: c:\users\ro family\appdata\roaming\mozilla\plugins\npatgpc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-27 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-18 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-02-10 05:34:48 -------- d-----w- c:\users\ro family\appdata\roaming\Malwarebytes
    2012-02-10 05:34:34 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2012-02-10 05:34:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-10 05:34:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-10 05:34:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-10 02:13:01 -------- d-----w- c:\users\ro family\appdata\roaming\OverDrive
    2012-02-10 02:12:33 -------- d-----w- c:\program files\OverDrive Media Console
    2012-01-22 21:43:15 -------- d-----w- c:\program files\iPod
    2012-01-22 21:43:12 -------- d-----w- c:\program files\iTunes
    2012-01-16 18:41:50 -------- d-----w- c:\program files\common files\EPSON
    2012-01-16 18:40:08 80024 ----a-w- c:\windows\system32\PICSDK.dll
    2012-01-16 18:40:08 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
    2012-01-16 18:40:08 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
    2012-01-16 18:40:08 501912 ----a-w- c:\windows\system32\PICSDK2.dll
    2012-01-16 18:40:08 108704 ----a-w- c:\windows\system32\PICEntry.dll
    2012-01-16 18:39:35 93696 ----a-w- c:\windows\system32\E_FLBGIA.DLL
    2012-01-16 18:39:33 63488 ----a-w- c:\windows\system32\E_FD4BGIA.DLL
    2012-01-16 18:39:16 -------- d-----w- c:\programdata\EPSON
    2012-01-16 18:39:00 -------- d-----w- c:\program files\Epson Software
    2012-01-16 18:37:09 341504 ----a-w- c:\windows\system32\esw2ud.dll
    2012-01-16 18:37:09 15872 ----a-w- c:\windows\system32\escdev.dll
    2012-01-16 18:37:09 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-01-16 18:37:04 -------- d-----w- c:\program files\epson
    2012-01-15 00:12:58 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-15 00:12:58 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-15 00:12:58 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-15 00:12:58 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-15 00:12:58 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-15 00:12:57 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-15 00:12:56 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-15 00:12:56 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-15 00:12:54 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-15 00:12:54 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-12 14:46:04 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-12 14:46:04 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-12 14:46:04 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-12 14:46:04 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-11 15:32:49 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 15:32:49 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 15:32:48 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 15:32:48 1328128 ----a-w- c:\windows\system32\quartz.dll
    .
    ==================== Find3M ====================
    .
    2012-02-10 05:43:07 60 ----a-w- c:\windows\wpd99.drv
    2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 22:53:00.10 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/17/2011 11:14:31 PM
    System Uptime: 2/9/2012 5:58:09 PM (5 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 85.359 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 596 GiB total, 437.583 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP77: 10/6/2011 6:56:36 PM - Windows Update
    RP78: 10/14/2011 11:06:29 AM - Windows Update
    RP79: 10/14/2011 9:41:42 PM - Installed AVG 2012
    RP80: 10/14/2011 9:42:23 PM - Installed AVG 2012
    RP81: 10/23/2011 8:50:58 PM - Scheduled Checkpoint
    RP82: 10/31/2011 1:48:00 PM - Scheduled Checkpoint
    RP83: 11/10/2011 7:51:45 PM - Scheduled Checkpoint
    RP84: 11/11/2011 8:16:44 AM - Windows Update
    RP85: 11/11/2011 9:04:42 AM - Windows Update
    RP86: 11/19/2011 10:20:30 AM - Scheduled Checkpoint
    RP89: 11/25/2011 5:33:04 PM - Installed DirectX
    RP90: 11/26/2011 9:21:16 PM - Windows Update
    RP91: 12/3/2011 11:43:20 PM - Scheduled Checkpoint
    RP92: 12/12/2011 6:32:01 PM - Scheduled Checkpoint
    RP93: 12/13/2011 10:27:43 PM - Windows Update
    RP94: 12/26/2011 9:23:32 AM - Scheduled Checkpoint
    RP95: 1/3/2012 12:03:12 AM - Windows Update
    RP96: 1/10/2012 6:43:26 PM - Scheduled Checkpoint
    RP97: 1/11/2012 9:12:00 AM - Windows Update
    RP98: 1/14/2012 9:34:13 PM - Windows Update
    RP99: 1/16/2012 11:37:54 AM - Installed Epson Event Manager
    RP101: 1/16/2012 11:40:32 AM - Installed FAX Utility
    RP102: 1/23/2012 5:10:19 PM - Windows Update
    RP103: 1/24/2012 4:23:25 PM - Installed Java(TM) 6 Update 30
    RP104: 2/9/2012 12:00:20 AM - Scheduled Checkpoint
    RP105: 2/9/2012 7:11:44 PM - Installed OverDrive Media Console
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    AVG 2012
    Bonjour
    CameraHelperMsi
    Canon CanoScan LiDE 70 User Registration
    Canon CanoScan Toolbox 5.0
    CanoScan LiDE 70
    Clone Wars
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 520 Series Printer Uninstall
    erLT
    Google Earth Plug-in
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    J2SE Runtime Environment 5.0 Update 12
    Java Auto Updater
    Java(TM) 6 Update 30
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 10.0 (x86 en-US)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    OverDrive Media Console
    Pdf995
    PMB
    QuickTime
    R for Windows 2.12.2
    RICOH Media Driver ver.2.07.01.04
    SAS 9.2
    SAS Deployment Tester - Client 1.3
    SAS Enterprise Guide 4.3
    SAS Versioned Jar Repository 9.2
    SAS/IML Studio 3.3
    SAS/SECURE Java 9.2
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skype™ 5.5
    Spotify
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2012 6:49:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/9/2012 6:44:30 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
    2/9/2012 4:45:29 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/9/2012 4:45:28 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    2/8/2012 10:03:13 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/8/2012 1:44:52 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/8/2012 1:42:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    2/8/2012 1:42:59 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/7/2012 10:14:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    2/7/2012 10:13:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    2/7/2012 10:13:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    2/7/2012 10:12:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    2/7/2012 1:23:46 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
    2/7/2012 1:23:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/6/2012 11:09:25 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
    2/3/2012 5:16:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    .
    ==== End Of File ===========================
     
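Reading the Service Control Manager entries in the log above by hand is tedious, and the important pattern is easy to miss: a dozen unrelated services "terminated unexpectedly" within the same second, at 6:25:03 PM and again at 4:45:29 AM. The following Python script is an added example, not part of the thread and not from any of the tools mentioned in it; it parses event lines in the format the diagnostic log prints (the sample lines are copied from the post) and reports those same-second termination bursts, which are far more consistent with one shared host process dying than with independent faults in each service. Function names and the burst threshold are my own choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a handful of Service Control Manager lines copied from the
# event-log excerpt in the post above (the full list there is much longer).
SAMPLE_LOG = """\
2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/9/2012 6:25:03 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
2/9/2012 4:45:29 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
2/8/2012 1:42:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
2/7/2012 1:23:46 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
"""

# One log line: "<timestamp>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Message body of events 7031/7034: which service died and the SCM's running count.
TERM_RE = re.compile(
    r"^The (?P<svc>.+?) service terminated unexpectedly\. It has done this (?P<n>\d+) time\(s\)"
)

def parse_events(text):
    """Parse each log line into a dict; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["when"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        t = TERM_RE.match(ev["msg"])
        ev["service"] = t.group("svc") if t else None   # None for 7000/7011 etc.
        ev["count"] = int(t.group("n")) if t else 0
        events.append(ev)
    return events

def termination_bursts(events, min_services=3):
    """Return [(timestamp, [services])] for every second in which at least
    `min_services` distinct services terminated unexpectedly (events 7031/7034),
    oldest first. A burst like this points at a shared host process crashing."""
    by_second = defaultdict(set)
    for ev in events:
        if ev["event_id"] in (7031, 7034) and ev["service"]:
            by_second[(ev["when"], ev["ts"])].add(ev["service"])
    bursts = [(ts, sorted(svcs)) for (when, ts), svcs in sorted(by_second.items())
              if len(svcs) >= min_services]
    return bursts

def other_failures(events):
    """Start failures (7000) and transaction timeouts (7011) that are not
    terminations, as (timestamp, event id, message) tuples, oldest first."""
    rows = [(ev["ts"], ev["event_id"], ev["msg"]) for ev in sorted(events, key=lambda e: e["when"])
            if ev["event_id"] in (7000, 7011)]
    return rows

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ts, svcs in termination_bursts(evs, min_services=2):
        print(f"{ts}: {len(svcs)} services died together: {', '.join(svcs)}")
    for ts, eid, msg in other_failures(evs):
        print(f"{ts} [{eid}] {msg}")
```

Run it against the full excerpt pasted above (or a DDS-style log of your own) and the two bursts stand out immediately; with the default threshold of three services the 4:45:29 AM group from the sample is not reported until you lower `min_services`, which is the knob to tune for a real log.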
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Sounds good. Just downloaded TDSSKiller. Will run it now.

    btw - Since I did the processes in the 5-step virus/malware/etc preliminary removal, including downloading malware, my computer repeatedly, within 1 min of being booted, went to the dreaded blue screen and rebooted. Since the only thing still around was malware, I uninstalled it from my computer. So far, it has not gone to the blue screen.

    Also, no question, my computer has been running much slower the last week or so.
     
  4. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    TDSSKiller log

    Here's the log from TDSSKiller

    10:29:50.0127 2676 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    10:29:51.0801 2676 ============================================================
    10:29:51.0801 2676 Current date / time: 2012/02/10 10:29:51.0801
    10:29:51.0801 2676 SystemInfo:
    10:29:51.0801 2676
    10:29:51.0802 2676 OS Version: 6.1.7601 ServicePack: 1.0
    10:29:51.0802 2676 Product type: Workstation
    10:29:51.0802 2676 ComputerName: ROFAMILY-PC
    10:29:51.0810 2676 UserName: Ro Family
    10:29:51.0810 2676 Windows directory: C:\Windows
    10:29:51.0810 2676 System windows directory: C:\Windows
    10:29:51.0810 2676 Processor architecture: Intel x86
    10:29:51.0811 2676 Number of processors: 2
    10:29:51.0811 2676 Page size: 0x1000
    10:29:51.0811 2676 Boot type: Normal boot
    10:29:51.0811 2676 ============================================================
    10:29:56.0368 2676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    10:29:56.0371 2676 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    10:29:56.0838 2676 \Device\Harddisk0\DR0:
    10:29:56.0839 2676 MBR used
    10:29:56.0839 2676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
    10:29:56.0839 2676 \Device\Harddisk1\DR1:
    10:29:56.0839 2676 MBR used
    10:29:56.0839 2676 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A856E82
    10:29:56.0913 2676 Initialize success
    10:29:56.0913 2676 ============================================================
    10:30:09.0081 2532 ============================================================
    10:30:09.0081 2532 Scan started
    10:30:09.0081 2532 Mode: Manual;
    10:30:09.0081 2532 ============================================================
    10:30:15.0982 2532 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    10:30:15.0995 2532 1394ohci - ok
    10:30:16.0140 2532 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    10:30:16.0147 2532 ACPI - ok
    10:30:16.0196 2532 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    10:30:16.0200 2532 AcpiPmi - ok
    10:30:16.0275 2532 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    10:30:16.0282 2532 adp94xx - ok
    10:30:16.0347 2532 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    10:30:16.0353 2532 adpahci - ok
    10:30:16.0382 2532 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    10:30:16.0404 2532 adpu320 - ok
    10:30:16.0487 2532 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    10:30:16.0506 2532 AFD - ok
    10:30:16.0549 2532 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    10:30:16.0551 2532 agp440 - ok
    10:30:16.0615 2532 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    10:30:16.0619 2532 aic78xx - ok
    10:30:16.0691 2532 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    10:30:16.0714 2532 aliide - ok
    10:30:16.0747 2532 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    10:30:16.0762 2532 amdagp - ok
    10:30:16.0782 2532 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    10:30:16.0811 2532 amdide - ok
    10:30:16.0862 2532 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    10:30:16.0867 2532 AmdK8 - ok
    10:30:16.0897 2532 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    10:30:16.0899 2532 AmdPPM - ok
    10:30:16.0954 2532 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    10:30:16.0981 2532 amdsata - ok
    10:30:17.0108 2532 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    10:30:17.0519 2532 amdsbs - ok
    10:30:17.0634 2532 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    10:30:17.0664 2532 amdxata - ok
    10:30:18.0194 2532 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    10:30:18.0341 2532 AppID - ok
    10:30:19.0134 2532 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    10:30:19.0180 2532 arc - ok
    10:30:19.0342 2532 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    10:30:19.0410 2532 arcsas - ok
    10:30:19.0883 2532 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    10:30:19.0893 2532 AsyncMac - ok
    10:30:20.0148 2532 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    10:30:20.0148 2532 atapi - ok
    10:30:20.0348 2532 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    10:30:20.0351 2532 AVGIDSDriver - ok
    10:30:20.0714 2532 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    10:30:20.0729 2532 AVGIDSEH - ok
    10:30:21.0409 2532 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    10:30:21.0487 2532 AVGIDSFilter - ok
    10:30:21.0715 2532 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    10:30:21.0738 2532 AVGIDSShim - ok
    10:30:21.0780 2532 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
    10:30:21.0979 2532 Avgldx86 - ok
    10:30:22.0320 2532 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    10:30:22.0329 2532 Avgmfx86 - ok
    10:30:22.0426 2532 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    10:30:22.0451 2532 Avgrkx86 - ok
    10:30:22.0733 2532 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    10:30:22.0869 2532 Avgtdix - ok
    10:30:23.0348 2532 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    10:30:23.0358 2532 b06bdrv - ok
    10:30:23.0553 2532 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    10:30:23.0977 2532 b57nd60x - ok
    10:30:24.0195 2532 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    10:30:24.0210 2532 Beep - ok
    10:30:25.0292 2532 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    10:30:25.0293 2532 blbdrive - ok
    10:30:25.0606 2532 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    10:30:25.0623 2532 bowser - ok
    10:30:25.0872 2532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    10:30:25.0939 2532 BrFiltLo - ok
    10:30:26.0313 2532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    10:30:26.0414 2532 BrFiltUp - ok
    10:30:27.0701 2532 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    10:30:27.0779 2532 Brserid - ok
    10:30:27.0804 2532 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    10:30:27.0820 2532 BrSerWdm - ok
    10:30:27.0840 2532 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:30:27.0885 2532 BrUsbMdm - ok
    10:30:27.0904 2532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    10:30:27.0908 2532 BrUsbSer - ok
    10:30:27.0926 2532 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    10:30:27.0936 2532 BTHMODEM - ok
    10:30:27.0974 2532 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    10:30:28.0017 2532 cdfs - ok
    10:30:28.0085 2532 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    10:30:28.0089 2532 cdrom - ok
    10:30:28.0149 2532 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    10:30:28.0215 2532 circlass - ok
    10:30:28.0385 2532 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    10:30:28.0425 2532 CLFS - ok
    10:30:28.0490 2532 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    10:30:28.0560 2532 CmBatt - ok
    10:30:28.0688 2532 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    10:30:28.0690 2532 cmdide - ok
    10:30:28.0751 2532 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    10:30:28.0786 2532 CNG - ok
    10:30:28.0824 2532 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    10:30:28.0918 2532 Compbatt - ok
    10:30:28.0973 2532 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    10:30:28.0975 2532 CompositeBus - ok
    10:30:29.0039 2532 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    10:30:29.0060 2532 crcdisk - ok
    10:30:29.0129 2532 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    10:30:29.0184 2532 CSC - ok
    10:30:29.0247 2532 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    10:30:29.0290 2532 DfsC - ok
    10:30:29.0350 2532 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    10:30:29.0361 2532 discache - ok
    10:30:29.0395 2532 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    10:30:29.0408 2532 Disk - ok
    10:30:29.0474 2532 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    10:30:29.0530 2532 drmkaud - ok
    10:30:29.0579 2532 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    10:30:29.0615 2532 DXGKrnl - ok
    10:30:29.0789 2532 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    10:30:30.0132 2532 ebdrv - ok
    10:30:30.0187 2532 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    10:30:30.0206 2532 elxstor - ok
    10:30:30.0243 2532 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    10:30:30.0256 2532 ErrDev - ok
    10:30:30.0306 2532 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    10:30:30.0340 2532 exfat - ok
    10:30:30.0407 2532 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    10:30:30.0428 2532 fastfat - ok
    10:30:30.0470 2532 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    10:30:30.0476 2532 fdc - ok
    10:30:30.0516 2532 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    10:30:30.0530 2532 FileInfo - ok
    10:30:30.0549 2532 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    10:30:30.0560 2532 Filetrace - ok
    10:30:30.0582 2532 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    10:30:30.0588 2532 flpydisk - ok
    10:30:30.0620 2532 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    10:30:30.0666 2532 FltMgr - ok
    10:30:30.0689 2532 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    10:30:30.0723 2532 FsDepends - ok
    10:30:30.0740 2532 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    10:30:30.0745 2532 Fs_Rec - ok
    10:30:30.0799 2532 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    10:30:30.0807 2532 fvevol - ok
    10:30:30.0850 2532 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    10:30:30.0951 2532 gagp30kx - ok
    10:30:31.0014 2532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    10:30:31.0049 2532 GEARAspiWDM - ok
    10:30:31.0221 2532 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    10:30:31.0226 2532 hcw85cir - ok
    10:30:31.0320 2532 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    10:30:31.0378 2532 HdAudAddService - ok
    10:30:31.0517 2532 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    10:30:31.0553 2532 HDAudBus - ok
    10:30:31.0613 2532 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    10:30:31.0635 2532 HidBatt - ok
    10:30:31.0664 2532 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    10:30:31.0667 2532 HidBth - ok
    10:30:31.0709 2532 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    10:30:31.0717 2532 HidIr - ok
    10:30:31.0761 2532 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    10:30:31.0762 2532 HidUsb - ok
    10:30:31.0830 2532 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    10:30:31.0832 2532 HpSAMD - ok
    10:30:31.0982 2532 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    10:30:32.0060 2532 HTTP - ok
    10:30:32.0442 2532 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    10:30:32.0445 2532 hwpolicy - ok
    10:30:32.0521 2532 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    10:30:32.0526 2532 i8042prt - ok
    10:30:32.0814 2532 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    10:30:32.0869 2532 iaStorV - ok
    10:30:33.0167 2532 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    10:30:33.0443 2532 igfx - ok
    10:30:33.0762 2532 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    10:30:33.0797 2532 iirsp - ok
    10:30:33.0875 2532 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    10:30:33.0877 2532 intelide - ok
    10:30:33.0918 2532 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    10:30:33.0920 2532 intelppm - ok
    10:30:33.0962 2532 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:30:33.0965 2532 IpFilterDriver - ok
    10:30:34.0013 2532 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    10:30:34.0134 2532 IPMIDRV - ok
    10:30:34.0211 2532 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    10:30:34.0214 2532 IPNAT - ok
    10:30:34.0286 2532 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    10:30:34.0317 2532 IRENUM - ok
    10:30:34.0363 2532 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    10:30:34.0424 2532 isapnp - ok
    10:30:34.0478 2532 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    10:30:34.0496 2532 iScsiPrt - ok
    10:30:34.0601 2532 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    10:30:34.0632 2532 kbdclass - ok
    10:30:34.0687 2532 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    10:30:34.0695 2532 kbdhid - ok
    10:30:34.0746 2532 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    10:30:34.0753 2532 KSecDD - ok
    10:30:34.0769 2532 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    10:30:34.0803 2532 KSecPkg - ok
    10:30:34.0881 2532 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    10:30:34.0892 2532 lltdio - ok
    10:30:34.0979 2532 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    10:30:35.0012 2532 LSI_FC - ok
    10:30:35.0054 2532 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    10:30:35.0068 2532 LSI_SAS - ok
    10:30:35.0089 2532 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    10:30:35.0115 2532 LSI_SAS2 - ok
    10:30:35.0230 2532 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    10:30:35.0234 2532 LSI_SCSI - ok
    10:30:35.0264 2532 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    10:30:35.0283 2532 luafv - ok
    10:30:35.0339 2532 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
    10:30:35.0371 2532 LVRS - ok
    10:30:35.0685 2532 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
    10:30:35.0861 2532 LVUVC - ok
    10:30:36.0005 2532 MBAMProtector - ok
    10:30:36.0379 2532 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    10:30:36.0381 2532 megasas - ok
    10:30:36.0458 2532 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    10:30:36.0464 2532 MegaSR - ok
    10:30:36.0524 2532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    10:30:36.0525 2532 Modem - ok
    10:30:36.0582 2532 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    10:30:36.0700 2532 monitor - ok
    10:30:36.0806 2532 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    10:30:36.0816 2532 mouclass - ok
    10:30:36.0865 2532 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    10:30:36.0871 2532 mouhid - ok
    10:30:37.0023 2532 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    10:30:37.0034 2532 mountmgr - ok
    10:30:37.0096 2532 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    10:30:37.0106 2532 mpio - ok
    10:30:37.0134 2532 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    10:30:37.0167 2532 mpsdrv - ok
    10:30:37.0217 2532 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    10:30:37.0255 2532 MRxDAV - ok
    10:30:37.0303 2532 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:30:37.0321 2532 mrxsmb - ok
    10:30:37.0483 2532 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:30:37.0551 2532 mrxsmb10 - ok
    10:30:37.0573 2532 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:30:37.0576 2532 mrxsmb20 - ok
    10:30:37.0618 2532 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    10:30:37.0728 2532 msahci - ok
    10:30:37.0771 2532 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    10:30:37.0836 2532 msdsm - ok
    10:30:38.0023 2532 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    10:30:38.0093 2532 Msfs - ok
    10:30:38.0299 2532 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    10:30:38.0318 2532 mshidkmdf - ok
    10:30:38.0453 2532 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    10:30:38.0492 2532 msisadrv - ok
    10:30:38.0672 2532 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    10:30:38.0675 2532 MSKSSRV - ok
    10:30:38.0716 2532 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    10:30:38.0769 2532 MSPCLOCK - ok
    10:30:38.0832 2532 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    10:30:38.0842 2532 MSPQM - ok
    10:30:38.0911 2532 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    10:30:38.0915 2532 MsRPC - ok
    10:30:38.0985 2532 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    10:30:39.0006 2532 mssmbios - ok
    10:30:39.0125 2532 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    10:30:39.0139 2532 MSTEE - ok
    10:30:39.0195 2532 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    10:30:39.0209 2532 MTConfig - ok
    10:30:39.0377 2532 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    10:30:39.0379 2532 Mup - ok
    10:30:39.0506 2532 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    10:30:39.0561 2532 NativeWifiP - ok
    10:30:39.0622 2532 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    10:30:39.0657 2532 NDIS - ok
    10:30:39.0842 2532 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    10:30:39.0913 2532 NdisCap - ok
    10:30:40.0120 2532 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    10:30:40.0206 2532 NdisTapi - ok
    10:30:40.0341 2532 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    10:30:40.0345 2532 Ndisuio - ok
    10:30:40.0397 2532 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    10:30:40.0402 2532 NdisWan - ok
    10:30:40.0471 2532 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    10:30:40.0501 2532 NDProxy - ok
    10:30:40.0551 2532 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    10:30:40.0559 2532 NetBIOS - ok
    10:30:40.0602 2532 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    10:30:40.0611 2532 NetBT - ok
    10:30:40.0825 2532 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    10:30:41.0024 2532 netw5v32 - ok
    10:30:41.0240 2532 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    10:30:41.0248 2532 nfrd960 - ok
    10:30:41.0535 2532 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    10:30:41.0600 2532 Npfs - ok
    10:30:42.0526 2532 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    10:30:42.0654 2532 nsiproxy - ok
    10:30:43.0759 2532 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    10:30:43.0804 2532 Ntfs - ok
    10:30:43.0905 2532 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    10:30:43.0937 2532 Null - ok
    10:30:44.0122 2532 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    10:30:44.0131 2532 nvraid - ok
    10:30:44.0365 2532 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    10:30:44.0379 2532 nvstor - ok
    10:30:44.0495 2532 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    10:30:44.0509 2532 nv_agp - ok
    10:30:44.0583 2532 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    10:30:44.0616 2532 ohci1394 - ok
    10:30:44.0665 2532 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    10:30:44.0715 2532 Parport - ok
    10:30:44.0758 2532 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    10:30:44.0781 2532 partmgr - ok
    10:30:44.0812 2532 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    10:30:44.0838 2532 Parvdm - ok
    10:30:44.0929 2532 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    10:30:44.0986 2532 pci - ok
    10:30:45.0093 2532 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    10:30:45.0114 2532 pciide - ok
    10:30:45.0180 2532 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    10:30:45.0270 2532 pcmcia - ok
    10:30:45.0312 2532 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    10:30:45.0315 2532 pcw - ok
    10:30:45.0389 2532 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    10:30:45.0473 2532 PEAUTH - ok
    10:30:45.0910 2532 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
    10:30:45.0916 2532 Point32 - ok
    10:30:46.0065 2532 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    10:30:46.0067 2532 PptpMiniport - ok
    10:30:46.0164 2532 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    10:30:46.0204 2532 Processor - ok
    10:30:46.0456 2532 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    10:30:46.0469 2532 Psched - ok
    10:30:46.0718 2532 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    10:30:46.0794 2532 ql2300 - ok
    10:30:46.0909 2532 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    10:30:46.0960 2532 ql40xx - ok
    10:30:47.0360 2532 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    10:30:47.0371 2532 QWAVEdrv - ok
    10:30:48.0024 2532 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    10:30:48.0154 2532 RasAcd - ok
    10:30:48.0692 2532 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:30:48.0700 2532 RasAgileVpn - ok
    10:30:49.0067 2532 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:30:49.0196 2532 Rasl2tp - ok
    10:30:49.0619 2532 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    10:30:49.0707 2532 RasPppoe - ok
    10:30:50.0461 2532 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    10:30:50.0465 2532 RasSstp - ok
    10:30:50.0594 2532 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    10:30:50.0599 2532 rdbss - ok
    10:30:50.0757 2532 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    10:30:50.0773 2532 rdpbus - ok
    10:30:50.0904 2532 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:30:50.0909 2532 RDPCDD - ok
    10:30:51.0171 2532 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    10:30:51.0286 2532 RDPDR - ok
    10:30:51.0460 2532 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    10:30:51.0506 2532 RDPENCDD - ok
    10:30:51.0737 2532 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    10:30:51.0751 2532 RDPREFMP - ok
    10:30:52.0183 2532 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    10:30:52.0201 2532 RDPWD - ok
    10:30:52.0339 2532 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    10:30:52.0345 2532 rdyboost - ok
    10:30:52.0538 2532 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
    10:30:52.0545 2532 rimmptsk - ok
    10:30:52.0657 2532 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
    10:30:52.0690 2532 rimsptsk - ok
    10:30:52.0747 2532 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
    10:30:52.0749 2532 rismxdp - ok
    10:30:52.0833 2532 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    10:30:52.0853 2532 rspndr - ok
    10:30:52.0895 2532 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    10:30:52.0922 2532 s3cap - ok
    10:30:52.0980 2532 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    10:30:53.0012 2532 sbp2port - ok
    10:30:53.0061 2532 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    10:30:53.0064 2532 scfilter - ok
    10:30:53.0321 2532 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
    10:30:53.0353 2532 sdbus - ok
    10:30:53.0513 2532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    10:30:53.0516 2532 secdrv - ok
    10:30:53.0605 2532 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    10:30:53.0638 2532 Serenum - ok
    10:30:53.0733 2532 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    10:30:53.0760 2532 Serial - ok
    10:30:53.0882 2532 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    10:30:53.0939 2532 sermouse - ok
    10:30:54.0011 2532 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    10:30:54.0056 2532 sffdisk - ok
    10:30:54.0104 2532 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    10:30:54.0115 2532 sffp_mmc - ok
    10:30:54.0139 2532 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    10:30:54.0151 2532 sffp_sd - ok
    10:30:54.0223 2532 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    10:30:54.0259 2532 sfloppy - ok
    10:30:54.0407 2532 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    10:30:54.0427 2532 sisagp - ok
    10:30:54.0605 2532 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    10:30:54.0619 2532 SiSRaid2 - ok
    10:30:54.0724 2532 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    10:30:54.0783 2532 SiSRaid4 - ok
    10:30:54.0826 2532 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    10:30:54.0888 2532 Smb - ok
    10:30:54.0973 2532 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    10:30:54.0979 2532 spldr - ok
    10:30:55.0029 2532 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    10:30:55.0091 2532 srv - ok
    10:30:55.0161 2532 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    10:30:55.0239 2532 srv2 - ok
    10:30:55.0316 2532 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    10:30:55.0451 2532 SrvHsfHDA - ok
    10:30:55.0514 2532 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    10:30:55.0548 2532 SrvHsfV92 - ok
    10:30:55.0590 2532 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    10:30:55.0655 2532 SrvHsfWinac - ok
    10:30:55.0733 2532 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    10:30:55.0736 2532 srvnet - ok
    10:30:55.0787 2532 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
    10:30:55.0802 2532 sscdbus - ok
    10:30:55.0855 2532 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    10:30:55.0915 2532 sscdmdfl - ok
    10:30:55.0944 2532 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
    10:30:55.0998 2532 sscdmdm - ok
    10:30:56.0167 2532 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
    10:30:56.0174 2532 sscdserd - ok
    10:30:56.0340 2532 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    10:30:56.0368 2532 stexstor - ok
    10:30:56.0512 2532 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    10:30:56.0574 2532 storflt - ok
    10:30:56.0712 2532 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    10:30:56.0714 2532 storvsc - ok
    10:30:56.0757 2532 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    10:30:56.0758 2532 swenum - ok
    10:30:56.0914 2532 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    10:30:56.0955 2532 Tcpip - ok
    10:30:57.0064 2532 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    10:30:57.0078 2532 TCPIP6 - ok
    10:30:57.0124 2532 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    10:30:57.0164 2532 tcpipreg - ok
    10:30:57.0254 2532 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    10:30:57.0269 2532 TDPIPE - ok
    10:30:57.0298 2532 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    10:30:57.0350 2532 TDTCP - ok
    10:30:57.0400 2532 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    10:30:57.0414 2532 tdx - ok
    10:30:57.0477 2532 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    10:30:57.0480 2532 TermDD - ok
    10:30:57.0572 2532 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:30:57.0634 2532 tssecsrv - ok
    10:30:57.0709 2532 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    10:30:57.0711 2532 TsUsbFlt - ok
    10:30:57.0779 2532 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    10:30:57.0796 2532 tunnel - ok
    10:30:57.0825 2532 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    10:30:57.0828 2532 uagp35 - ok
    10:30:57.0875 2532 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    10:30:57.0880 2532 udfs - ok
    10:30:57.0941 2532 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    10:30:57.0945 2532 uliagpkx - ok
    10:30:57.0993 2532 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    10:30:58.0002 2532 umbus - ok
    10:30:58.0069 2532 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    10:30:58.0082 2532 UmPass - ok
    10:30:58.0281 2532 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    10:30:58.0284 2532 USBAAPL - ok
    10:30:58.0350 2532 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    10:30:58.0366 2532 usbaudio - ok
    10:30:58.0401 2532 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    10:30:58.0404 2532 usbccgp - ok
    10:30:58.0527 2532 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    10:30:58.0538 2532 usbcir - ok
    10:30:58.0585 2532 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    10:30:58.0702 2532 usbehci - ok
    10:30:58.0813 2532 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    10:30:58.0882 2532 usbhub - ok
    10:30:58.0931 2532 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    10:30:58.0951 2532 usbohci - ok
    10:30:59.0053 2532 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    10:30:59.0083 2532 usbprint - ok
    10:30:59.0267 2532 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    10:30:59.0348 2532 usbscan - ok
    10:30:59.0393 2532 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    10:30:59.0396 2532 USBSTOR - ok
    10:30:59.0430 2532 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    10:30:59.0434 2532 usbuhci - ok
    10:30:59.0488 2532 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    10:30:59.0506 2532 vdrvroot - ok
    10:30:59.0564 2532 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    10:30:59.0614 2532 vga - ok
    10:30:59.0636 2532 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    10:30:59.0655 2532 VgaSave - ok
    10:30:59.0740 2532 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    10:30:59.0811 2532 vhdmp - ok
    10:30:59.0847 2532 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    10:30:59.0984 2532 viaagp - ok
    10:31:00.0027 2532 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    10:31:00.0043 2532 ViaC7 - ok
    10:31:00.0842 2532 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    10:31:00.0859 2532 viaide - ok
    10:31:01.0467 2532 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    10:31:01.0534 2532 vmbus - ok
    10:31:01.0611 2532 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    10:31:01.0625 2532 VMBusHID - ok
    10:31:01.0644 2532 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    10:31:01.0683 2532 volmgr - ok
    10:31:01.0722 2532 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    10:31:01.0745 2532 volmgrx - ok
    10:31:01.0794 2532 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    10:31:01.0864 2532 volsnap - ok
    10:31:01.0901 2532 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    10:31:01.0986 2532 vsmraid - ok
    10:31:02.0118 2532 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    10:31:02.0127 2532 vwifibus - ok
    10:31:02.0384 2532 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    10:31:02.0386 2532 WacomPen - ok
    10:31:02.0470 2532 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    10:31:02.0514 2532 WANARP - ok
    10:31:02.0523 2532 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    10:31:02.0525 2532 Wanarpv6 - ok
    10:31:02.0588 2532 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    10:31:02.0651 2532 Wd - ok
    10:31:02.0688 2532 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    10:31:02.0734 2532 Wdf01000 - ok
    10:31:02.0811 2532 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    10:31:02.0896 2532 WfpLwf - ok
    10:31:02.0929 2532 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    10:31:02.0937 2532 WIMMount - ok
    10:31:03.0283 2532 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    10:31:03.0324 2532 WinUsb - ok
    10:31:03.0416 2532 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    10:31:03.0474 2532 WmiAcpi - ok
    10:31:03.0542 2532 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    10:31:03.0587 2532 ws2ifsl - ok
    10:31:03.0750 2532 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    10:31:03.0777 2532 WudfPf - ok
    10:31:03.0809 2532 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:31:03.0843 2532 WUDFRd - ok
    10:31:03.0996 2532 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
    10:31:04.0158 2532 yukonw7 - ok
    10:31:04.0249 2532 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    10:31:04.0316 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    10:31:04.0316 2532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    10:31:04.0806 2532 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
    10:31:04.0810 2532 \Device\Harddisk1\DR1 - ok
    10:31:04.0831 2532 Boot (0x1200) (d9abfae0d898064e87101d2147010fdd) \Device\Harddisk0\DR0\Partition0
    10:31:04.0832 2532 \Device\Harddisk0\DR0\Partition0 - ok
    10:31:04.0839 2532 Boot (0x1200) (f274e216be61760f9abf8a5c5cce6701) \Device\Harddisk1\DR1\Partition0
    10:31:04.0840 2532 \Device\Harddisk1\DR1\Partition0 - ok
    10:31:04.0842 2532 ============================================================
    10:31:04.0843 2532 Scan finished
    10:31:04.0843 2532 ============================================================
    10:31:04.0870 1588 Detected object count: 1
    10:31:04.0870 1588 Actual detected object count: 1
    10:31:17.0287 1588 \Device\Harddisk0\DR0\# - copied to quarantine
    10:31:17.0288 1588 \Device\Harddisk0\DR0 - copied to quarantine
    10:31:17.0321 1588 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    10:31:17.0323 1588 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    10:31:17.0335 1588 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    10:31:17.0337 1588 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    10:31:17.0339 1588 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    10:31:17.0343 1588 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    10:31:17.0356 1588 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    10:31:17.0398 1588 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    10:31:17.0403 1588 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine
    10:31:17.0413 1588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    10:31:17.0414 1588 \Device\Harddisk0\DR0 - ok
    10:31:17.0539 1588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    10:35:23.0398 5016 Deinitialize success
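Reading a TDSSKiller log like the one above by eye is tedious: hundreds of "- ok" driver lines surround the few that matter. The Python below is an added example (not part of this thread and not TDSSKiller's own code) that parses the line shape seen in the log, separates hash lines from verdict lines, counts clean results, and attaches the reported MBR hash to each detection. The line structure it assumes (timestamp, process id, object, optional MD5 in parentheses, optional " - verdict") is inferred from the log above rather than taken from any published format; the function names are mine, and the sample input is a handful of lines excerpted from that log.

```python
import re
from collections import Counter

# Constructed sample input: a few lines excerpted from the TDSSKiller log above
# (a driver hash/verdict pair, the MBR hash and verdict for each disk, and the
# quarantine/cure lines). A real run would read the whole log file instead.
SAMPLE_LOG = r"""
10:31:03.0996 2532 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
10:31:04.0158 2532 yukonw7 - ok
10:31:04.0249 2532 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
10:31:04.0316 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:31:04.0316 2532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:31:04.0806 2532 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
10:31:04.0810 2532 \Device\Harddisk1\DR1 - ok
10:31:17.0335 1588 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:31:17.0413 1588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:35:23.0398 5016 Deinitialize success
"""

# Line shape assumed from the log above: timestamp, process id, free-form body
LINE_RE = re.compile(r"^\s*(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.+?)\s*$")
# "<object> (<md5>) <path>": hash of a driver file, an MBR or a boot sector
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<object> [( <threat> )] - <verdict>": scan verdict or remediation action
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<verdict>.+)$")


def parse_tdsskiller_log(text):
    """Turn each non-empty line into a dict whose 'kind' is hash, verdict or other."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            records.append({"kind": "other", "body": raw.strip()})
            continue
        body = m.group("body")
        rec = {"ts": m.group("ts"), "pid": int(m.group("pid"))}
        h = HASH_RE.match(body)
        v = None if h else VERDICT_RE.match(body)
        if h:
            rec.update(kind="hash", name=h.group("name"), md5=h.group("md5"), path=h.group("path"))
        elif v:
            verdict, threat = v.group("verdict"), v.group("threat")
            if threat is None and verdict.startswith("detected "):
                threat = verdict.split()[1]        # "detected <name> (n)"
            rec.update(kind="verdict", obj=v.group("obj"), threat=threat, verdict=verdict)
        else:
            rec.update(kind="other", body=body)    # banner, "Scan finished", etc.
        records.append(rec)
    return records


def classify(verdict):
    """Clean result, a detection, or a remediation step the tool took."""
    if verdict == "ok":
        return "clean"
    if verdict == "infected" or verdict.startswith("detected "):
        return "finding"
    return "action"   # copied to quarantine, will be cured on reboot, user-selected action


def triage_tdsskiller_log(text):
    """Summarise a log: counts per class, detections with their hashes, actions taken."""
    md5_for, counts, findings, actions = {}, Counter(), {}, []
    for rec in parse_tdsskiller_log(text):
        if rec["kind"] == "hash":
            # Driver lines are looked up by service name, MBR/boot lines by device path
            md5_for[rec["name"]] = rec["md5"]
            md5_for[rec["path"]] = rec["md5"]
            counts["hash"] += 1
        elif rec["kind"] == "verdict":
            cls = classify(rec["verdict"])
            counts[cls] += 1
            if cls == "finding":
                findings[rec["obj"]] = {"threat": rec["threat"], "md5": md5_for.get(rec["obj"])}
            elif cls == "action":
                actions.append((rec["obj"], rec["verdict"]))
        else:
            counts["other"] += 1
    return {"counts": dict(counts), "findings": findings, "actions": actions, "hashes": md5_for}


if __name__ == "__main__":
    summary = triage_tdsskiller_log(SAMPLE_LOG)
    print("counts:", summary["counts"])
    for obj, f in summary["findings"].items():
        print(f"FINDING {obj}: {f['threat']} (md5 {f['md5']})")
    for obj, action in summary["actions"]:
        print(f"ACTION  {obj}: {action}")
```

Run against the full log, the summary shows one thing the 270-odd "ok" lines hide: the only detection is on the disk device itself, keyed to the MBR hash line just before it, while every driver file hashed clean, which is exactly the profile of an MBR-resident bootkit rather than a dropped driver.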
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  6. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Good in general, or for uninstalling Malware remover (since I uninstalled it, the blue screen has not returned)?

    Running the next step now . . .
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good about a rootkit we just removed.
     
  8. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    AV software

    Another question: I'm running AVG as my AV software. I've had a number of people say it's fine, but I noticed it isn't on your recommended list. Thoughts?
     
  9. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Here are the aswMBR and Bootkit Remover logs:

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-10 11:09:18
    -----------------------------
    11:09:18.897 OS Version: Windows 6.1.7601 Service Pack 1
    11:09:18.897 Number of processors: 2 586 0xF0D
    11:09:18.899 ComputerName: ROFAMILY-PC UserName: Ro Family
    11:09:20.194 Initialize success
    11:10:53.177 AVAST engine defs: 12021000
    11:11:04.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    11:11:04.573 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT0 11.01A11 Size: 305245MB BusType: 11
    11:11:04.591 Disk 0 MBR read successfully
    11:11:04.597 Disk 0 MBR scan
    11:11:04.608 Disk 0 Windows 7 default MBR code
    11:11:04.617 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
    11:11:04.630 Disk 0 scanning sectors +625139712
    11:11:04.736 Disk 0 scanning C:\Windows\system32\drivers
    11:11:16.681 Service scanning
    11:11:18.064 Modules scanning
    11:11:24.567 Disk 0 trace - called modules:
    11:11:24.600 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
    11:11:24.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861801a0]
    11:11:24.956 3 CLASSPNP.SYS[8b38059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85ced908]
    11:11:26.431 AVAST engine scan C:\Windows
    11:11:28.810 AVAST engine scan C:\Windows\system32
    11:14:26.933 AVAST engine scan C:\Windows\system32\drivers
    11:14:45.400 AVAST engine scan C:\Users\Ro Family
    11:15:13.393 Disk 0 MBR has been saved successfully to "C:\Users\Ro Family\Desktop\MBR.dat"
    11:15:13.403 The log file has been saved successfully to "C:\Users\Ro Family\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
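The aswMBR note above says MBR.dat is a copy of the machine's MBR and should be kept; that copy is also a baseline an analyst can diff against later. As an added example (not code from this thread or from aswMBR, TDSSKiller or Bootkit Remover), the Python below parses a 512-byte MBR image the way those tools summarise it: it checks the 0x55AA boot signature, decodes the partition table, hashes the bootstrap-code region, runs a few structural sanity checks, and compares a fresh read against a saved copy to report which region changed. The sample image is constructed in the code (not real disk data); its single partition mirrors the geometry aswMBR reported above (type 07, offset 2048, 305243 MB). Treating bytes 0x000-0x1B7 as bootstrap code follows the standard MBR layout; that TDSSKiller's "MBR (0x1B8)" label refers to that same region is my assumption, and all function names are mine.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 0x1B8    # bootstrap code occupies bytes 0x000-0x1B7
DISK_SIG_OFF = 0x1B8     # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIG_OFF = 0x1FE          # 0x55 0xAA boot signature

PARTITION_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS/exFAT", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux"}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(disk_sig=0x1234ABCD):
    """Constructed 512-byte MBR image for the demo, not real disk data.
    Its single partition mirrors the geometry aswMBR reported above:
    bootable, type 07 (NTFS), LBA offset 2048, 305243 MB (625137664 sectors)."""
    code = (b"\xEB\x3C\x90" * 150)[:BOOT_CODE_END]   # filler standing in for boot code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 625137664)
    table = entry + b"\0" * (16 * 3)
    return code + struct.pack("<I", disk_sig) + b"\0\0" + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Decode the fixed MBR layout into a dict an analyst can read or diff."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte MBR image, got {len(mbr)} bytes")
    disk_sig, = struct.unpack_from("<I", mbr, DISK_SIG_OFF)
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        partitions.append({
            "index": i + 1, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": mbr[SIG_OFF:SECTOR] == b"\x55\xAA",
        "disk_signature": disk_sig,
        # Hash of the bootstrap-code region only, so the same disk compares equal
        # even when the disk signature or partition table legitimately changes.
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def sanity_checks(info):
    """Structural checks; each returned string is a warning worth a closer look."""
    warnings = []
    if not info["signature_ok"]:
        warnings.append("boot signature 0x55AA missing: not a valid MBR")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        warnings.append(f"{len(bootable)} partitions flagged bootable (expected exactly 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] == 0:
            warnings.append(f"partition {p['index']} starts at LBA 0 and overlaps the MBR")
    return warnings


REGIONS = {
    "boot_code": (0, BOOT_CODE_END),
    "disk_signature": (DISK_SIG_OFF, PART_TABLE_OFF),
    "partition_table": (PART_TABLE_OFF, SIG_OFF),
    "boot_signature": (SIG_OFF, SECTOR),
}


def diff_against_baseline(current, baseline):
    """Names of the MBR regions that differ between a fresh read and a saved copy
    (such as the MBR.dat aswMBR keeps). Boot code changed while the partition table
    is intact is the pattern the MBR scanners in this thread are looking for."""
    return [name for name, (a, b) in REGIONS.items() if current[a:b] != baseline[a:b]]


if __name__ == "__main__":
    baseline = build_sample_mbr()
    info = parse_mbr(baseline)
    print("signature ok:", info["signature_ok"], " boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"  partition {p['index']}: {'*' if p['bootable'] else ' '} type {p['type']:02X} "
              f"{p['type_name']} start {p['lba_start']} size {p['size_mb']} MB")
    print("warnings:", sanity_checks(info) or "none")
    # Simulate a later read whose first bytes no longer match the saved copy
    later = bytearray(baseline)
    later[:8] = b"\x90" * 8
    print("changed regions vs baseline:", diff_against_baseline(bytes(later), baseline))
```

To use it on a real saved copy, read MBR.dat with `open(path, "rb").read()` in place of `build_sample_mbr()`; the hash it prints is of the code region only, which is why it will not line up with a whole-sector MD5 such as the one Bootkit Remover prints, and hashing is a comparison aid, not a verdict: a clean-looking hash on a disk whose reads are being filtered proves nothing, which is why the thread relies on scanners that read below the filesystem stack.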
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    AVG is a fine program.
     
  11. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    btw - AVG just had a Trojan Horse it found and removed . . . wondering if what we're doing is related . . .

    And I'm just now noticing that the location looks identical to the one which aswMBR seems to have found (since the font is in the color red in aswMBR)
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    ComboFix 12-02-10.03 - Ro Family 02/10/2012 11:35:24.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1807 [GMT -7:00]
    Running from: c:\users\Ro Family\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Ro Family\Favorites\bookmarks-2010-02-27.json
    c:\users\Ro Family\Favorites\Bookmarks 2009-04-23.json
    E:\autorun.inf
    E:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-10 18:43 . 2012-02-10 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-10 17:31 . 2012-02-10 17:31 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-10 05:34 . 2012-02-10 05:34 -------- d-----w- c:\users\Ro Family\AppData\Roaming\Malwarebytes
    2012-02-10 05:34 . 2012-02-10 18:29 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2012-02-10 05:34 . 2012-02-10 05:34 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-10 05:34 . 2012-02-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-10 02:13 . 2012-02-10 02:13 -------- d-----w- c:\users\Ro Family\AppData\Roaming\OverDrive
    2012-02-10 02:12 . 2012-02-10 02:12 -------- d-----w- c:\program files\OverDrive Media Console
    2012-02-09 08:08 . 2012-02-09 08:08 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2012-02-09 08:08 . 2012-02-09 08:08 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    2012-01-22 21:43 . 2012-01-22 21:43 -------- d-----w- c:\program files\iPod
    2012-01-22 21:43 . 2012-01-22 21:44 -------- d-----w- c:\program files\iTunes
    2012-01-22 21:21 . 2012-01-22 21:21 -------- d-----w- c:\windows\Sun
    2012-01-16 18:41 . 2012-01-16 18:41 -------- d-----w- c:\program files\Common Files\EPSON
    2012-01-16 18:41 . 2012-01-17 00:37 -------- d-----w- c:\users\Ro Family\AppData\Roaming\Epson
    2012-01-16 18:40 . 2006-10-31 07:10 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
    2012-01-16 18:40 . 2006-10-31 07:10 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
    2012-01-16 18:40 . 2006-10-20 07:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
    2012-01-16 18:40 . 2006-10-20 07:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
    2012-01-16 18:40 . 2006-10-20 07:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
    2012-01-16 18:40 . 2012-01-16 18:40 -------- d-----w- c:\users\Ro Family\AppData\Roaming\InstallShield
    2012-01-16 18:39 . 2008-11-11 19:00 93696 ----a-w- c:\windows\system32\E_FLBGIA.DLL
    2012-01-16 18:39 . 2009-09-30 21:01 63488 ----a-w- c:\windows\system32\E_FD4BGIA.DLL
    2012-01-16 18:39 . 2012-01-16 18:41 -------- d-----w- c:\programdata\EPSON
    2012-01-16 18:39 . 2012-01-16 18:40 -------- d-----w- c:\program files\Epson Software
    2012-01-16 18:37 . 2009-11-20 07:00 341504 ----a-w- c:\windows\system32\esw2ud.dll
    2012-01-16 18:37 . 2009-05-01 07:00 15872 ----a-w- c:\windows\system32\escdev.dll
    2012-01-16 18:37 . 2009-05-01 07:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-01-16 18:37 . 2012-01-16 18:42 -------- d-----w- c:\program files\epson
    2012-01-15 00:12 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-15 00:12 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-15 00:12 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-15 00:12 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-15 00:12 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-15 00:12 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-15 00:12 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-15 00:12 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-15 00:12 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-15 00:12 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-12 14:46 . 2012-01-31 18:22 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-12 14:46 . 2012-01-12 14:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-12 14:46 . 2012-01-12 14:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-12 14:46 . 2012-01-12 14:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-24 04:25 . 2011-12-14 02:02 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:01 . 2012-01-11 15:32 67072 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 05:38 . 2012-01-11 15:32 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-31 18:22 . 2011-05-06 04:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=MC0w&prod=90&ver=2012.0.1913&mid=3486a95c6d3a47d68b38d168dd39be10-4f46c09110d57a04b77b77e401bc4970e1973a2f" [?]
    .
    c:\users\Ro Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-18 1343400]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
    S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
    S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
    S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    *Deregistered* - Avgldx86
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 18:28]
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 18:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://compass.illinois.edu/webct/entryPageIns.dowebct
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 71.37.179.38 69.145.232.32 69.144.49.29
    FF - ProfilePath - c:\users\Ro Family\AppData\Roaming\Mozilla\Firefox\Profiles\s6gvcq3w.default\
    FF - prefs.js: browser.startup.homepage - www.espn.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-10 11:46:29
    ComboFix-quarantined-files.txt 2012-02-10 18:46
    .
    Pre-Run: 91,767,738,368 bytes free
    Post-Run: 93,732,556,800 bytes free
    .
    - - End Of File - - A90D0053A92F30CBA3F6F88AA1F0FA95
  14. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Ok, there it is . . . I'm hoping I'm good to go.

    It could just be a psychological thing, but I think the laptop is running faster (hence cleaner). Certainly Firefox fires up quicker, and I think it's opening pages (Gmail, this website) quicker.
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Combofix log looks good.

    Any current issues?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Text is too long, so I'll submit as 2 posts. OTL first.

    OTL logfile created on: 2/10/2012 12:15:28 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ro Family\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.29% Memory free
    5.98 Gb Paging File | 4.27 Gb Available in Paging File | 71.48% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 86.91 Gb Free Space | 29.16% Space Free | Partition Type: NTFS
    Drive E: | 596.02 Gb Total Space | 462.21 Gb Free Space | 77.55% Space Free | Partition Type: FAT32

    Computer Name: ROFAMILY-PC | User Name: Ro Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/10 12:13:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ro Family\Desktop\OTL.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 11:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2011/08/12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/08/12 11:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/12 19:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
    PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2009/09/13 18:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGIA.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/22 14:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011/08/19 02:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files\Common Files\logishrd\SharedBin\LvApi11.dll
    MOD - [2011/08/12 11:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    MOD - [2011/08/12 11:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2011/01/12 18:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
    MOD - [2011/01/12 18:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/04/22 14:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
    MOD - [2009/04/09 16:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
    MOD - [2009/03/03 15:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    MOD - [2009/03/03 15:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
    MOD - [2009/03/03 15:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    MOD - [2009/03/03 15:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
    MOD - [2009/03/03 15:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
    MOD - [2009/03/03 15:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
    MOD - [2009/03/03 15:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
    MOD - [2009/03/03 15:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
    MOD - [2009/03/03 15:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/02/18 03:01:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Running] -- -- (Avgtdix)
    DRV - File not found [File_System | Disabled | Running] -- -- (Avgrkx86)
    DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSShim)
    DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSFilter)
    DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSEH)
    DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSDriver)
    DRV - [2011/08/19 02:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
    DRV - [2011/08/19 02:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 15:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://compass.illinois.edu/webct/entryPageIns.dowebct
    IE - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 DD 1C F3 71 D7 CB 01 [binary data]
    IE - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.espn.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.151
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Ro Family\AppData\Roaming\Mozilla\Firefox\Profiles\s6gvcq3w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ro Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 11:22:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 20:55:55 | 000,000,000 | ---D | M]

    [2011/02/17 12:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ro Family\AppData\Roaming\Mozilla\Extensions
    [2012/02/10 10:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ro Family\AppData\Roaming\Mozilla\Firefox\Profiles\s6gvcq3w.default\extensions
    [2011/04/01 12:55:54 | 000,000,000 | ---D | M] () -- C:\Users\Ro Family\AppData\Roaming\Mozilla\Firefox\Profiles\s6gvcq3w.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
    [2012/01/31 11:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\RO FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S6GVCQ3W.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    [2012/01/31 11:22:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/28 20:18:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/05 19:20:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/11 08:13:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/02/10 11:44:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Ro Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.37.179.38 69.145.232.32 69.144.49.29
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7DF159-52A2-4DAE-B9C3-EC7F06D2FDC2}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3A1D7F-FDD0-4076-932C-F9C847B78947}: DhcpNameServer = 71.37.179.38 69.145.232.32 69.144.49.29
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/12/10 14:38:02 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/10 12:13:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ro Family\Desktop\OTL.exe
    [2012/02/10 11:48:43 | 003,968,384 | ---- | C] (AVG Technologies) -- C:\Users\Ro Family\Desktop\avg_free_stb_all_2012_1913_cnet.exe
    [2012/02/10 11:46:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/10 11:43:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/10 11:42:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/02/10 11:32:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/10 11:32:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/10 11:32:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/10 11:32:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/10 11:32:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/10 11:26:59 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\Ro Family\Desktop\ComboFix.exe
    [2012/02/10 11:08:40 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Ro Family\Desktop\aswMBR.exe
    [2012/02/10 10:31:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/10 10:24:42 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ro Family\Desktop\tdsskiller.exe
    [2012/02/09 22:51:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ro Family\Desktop\dds.scr
    [2012/02/09 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\Ro Family\AppData\Roaming\Malwarebytes
    [2012/02/09 22:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2012/02/09 22:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/09 22:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/09 22:33:20 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ro Family\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/09 19:13:01 | 000,000,000 | ---D | C] -- C:\Users\Ro Family\AppData\Roaming\OverDrive
    [2012/02/09 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
    [2012/02/09 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\OverDrive Media Console
    [2012/01/22 14:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/22 14:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/22 14:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/22 14:21:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/01/16 13:24:56 | 000,000,000 | R--D | C] -- C:\Users\Ro Family\Documents\Scanned Documents
    [2012/01/16 13:24:56 | 000,000,000 | ---D | C] -- C:\Users\Ro Family\Documents\Fax
    [2012/01/16 11:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2012/01/16 11:41:09 | 000,000,000 | ---D | C] -- C:\Users\Ro Family\AppData\Roaming\Epson
    [2012/01/16 11:40:05 | 000,000,000 | ---D | C] -- C:\Users\Ro Family\AppData\Roaming\InstallShield
    [2012/01/16 11:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2012/01/16 11:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2012/01/16 11:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
    [2012/01/16 11:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2012/01/16 11:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\epson

    ========== Files - Modified Within 30 Days ==========

    [2012/02/10 12:13:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ro Family\Desktop\OTL.exe
    [2012/02/10 12:04:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/10 11:48:51 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Users\Ro Family\Desktop\avg_free_stb_all_2012_1913_cnet.exe
    [2012/02/10 11:44:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/10 11:27:03 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Ro Family\Desktop\ComboFix.exe
    [2012/02/10 11:15:13 | 000,000,512 | ---- | M] () -- C:\Users\Ro Family\Desktop\MBR.dat
    [2012/02/10 11:09:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Ro Family\Desktop\aswMBR.exe
    [2012/02/10 10:44:40 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/10 10:44:40 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/10 10:37:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/10 10:36:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/10 10:36:39 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/10 10:24:56 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ro Family\Desktop\tdsskiller.exe
    [2012/02/10 10:19:23 | 286,466,118 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 22:51:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ro Family\Desktop\dds.scr
    [2012/02/09 22:44:45 | 000,302,592 | ---- | M] () -- C:\Users\Ro Family\Desktop\kl8ntf7p.exe
    [2012/02/09 22:43:16 | 000,183,930 | ---- | M] () -- C:\Users\Ro Family\Desktop\UPDATED 5-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards.pdf
    [2012/02/09 22:43:07 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
    [2012/02/09 22:33:35 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ro Family\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/09 22:04:57 | 000,026,324 | ---- | M] () -- C:\Users\Ro Family\Desktop\Back up error.jpg
    [2012/02/09 19:12:35 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
    [2012/02/09 18:09:29 | 000,641,448 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/09 18:09:29 | 000,116,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/03 17:22:48 | 000,002,006 | ---- | M] () -- C:\Users\Ro Family\Documents\Default.rdp
    [2012/02/01 17:47:11 | 000,050,057 | ---- | M] () -- C:\Users\Ro Family\Desktop\2012 Fitness Sched Campbell Cty Rec Center.pdf
    [2012/01/23 07:57:53 | 000,001,753 | ---- | M] () -- C:\Users\Ro Family\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2012/01/22 14:44:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/22 14:18:50 | 000,001,266 | ---- | M] () -- C:\Users\Ro Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/01/21 19:17:36 | 000,001,985 | ---- | M] () -- C:\Users\Ro Family\Desktop\SAS 9.2 (English).lnk
    [2012/01/21 19:17:36 | 000,001,900 | ---- | M] () -- C:\Users\Ro Family\Desktop\Spotify.lnk
    [2012/01/21 19:17:35 | 000,001,331 | ---- | M] () -- C:\Users\Ro Family\Desktop\Ro Family.lnk
    [2012/01/21 19:17:35 | 000,000,383 | ---- | M] () -- C:\Users\Ro Family\Desktop\Computer - Shortcut.lnk
    [2012/01/16 11:55:55 | 000,090,321 | ---- | M] () -- C:\Users\Ro Family\Desktop\bookmarks-2012-01-16.json
    [2012/01/16 11:42:19 | 000,000,107 | ---- | M] () -- C:\Windows\EWF520.ini
    [2012/01/16 11:42:10 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Epson WorkForce_520_525_User's_Guide.lnk
    [2012/01/16 11:37:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

    ========== Files Created - No Company Name ==========

    [2012/02/10 11:32:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/10 11:32:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/10 11:32:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/10 11:32:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/10 11:32:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/10 11:15:13 | 000,000,512 | ---- | C] () -- C:\Users\Ro Family\Desktop\MBR.dat
    [2012/02/09 22:44:44 | 000,302,592 | ---- | C] () -- C:\Users\Ro Family\Desktop\kl8ntf7p.exe
    [2012/02/09 22:43:01 | 000,183,930 | ---- | C] () -- C:\Users\Ro Family\Desktop\UPDATED 5-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards.pdf
    [2012/02/09 22:04:57 | 000,026,324 | ---- | C] () -- C:\Users\Ro Family\Desktop\Back up error.jpg
    [2012/02/09 19:12:35 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
    [2012/02/01 17:47:08 | 000,050,057 | ---- | C] () -- C:\Users\Ro Family\Desktop\2012 Fitness Sched Campbell Cty Rec Center.pdf
    [2012/01/23 09:46:43 | 286,466,118 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/01/23 07:57:53 | 000,001,753 | ---- | C] () -- C:\Users\Ro Family\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2012/01/22 14:44:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/16 11:55:54 | 000,090,321 | ---- | C] () -- C:\Users\Ro Family\Desktop\bookmarks-2012-01-16.json
    [2012/01/16 11:42:10 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Epson WorkForce_520_525_User's_Guide.lnk
    [2012/01/16 11:40:08 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2012/01/16 11:40:08 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2012/01/16 11:40:08 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2012/01/16 11:40:08 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2012/01/16 11:40:08 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2012/01/16 11:40:08 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2012/01/16 11:40:08 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2012/01/16 11:40:08 | 000,012,669 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
    [2012/01/16 11:40:08 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2012/01/16 11:40:08 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
    [2012/01/16 11:40:08 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
    [2012/01/16 11:40:08 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
    [2012/01/16 11:40:08 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
    [2012/01/16 11:40:08 | 000,006,226 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
    [2012/01/16 11:40:08 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2012/01/16 11:40:08 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2012/01/16 11:40:08 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2012/01/16 11:40:08 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2012/01/16 11:40:08 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2012/01/16 11:40:08 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2012/01/16 11:40:08 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2012/01/16 11:40:08 | 000,000,119 | ---- | C] () -- C:\Windows\System32\epson.sep
    [2012/01/16 11:40:08 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2012/01/16 11:37:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2012/01/15 21:46:17 | 000,000,107 | ---- | C] () -- C:\Windows\EWF520.ini
    [2011/08/19 02:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2011/08/19 02:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2011/08/19 02:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011/07/25 23:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011/04/27 00:23:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/03/01 14:13:47 | 000,077,824 | R--- | C] () -- C:\Windows\System32\sasperf.dll
    [2011/02/17 23:49:10 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2011/02/17 23:38:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/02/17 23:27:52 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
    [2011/02/17 23:27:50 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
    [2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
    [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:33:53 | 000,491,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 19:05:48 | 000,641,448 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 19:05:48 | 000,116,390 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/01/16 21:21:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator.RoFamily-PC\AppData\Roaming\AVG10
    [2010/06/27 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator.RoFamily-PC\AppData\Roaming\Epson
    [2011/11/07 07:57:14 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Canon
    [2011/06/28 20:18:02 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Catalina Marketing Corp
    [2012/01/16 17:37:42 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Epson
    [2011/11/29 19:52:20 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Evodko
    [2011/05/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Leadertech
    [2012/02/09 19:13:01 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\OverDrive
    [2011/03/01 00:44:52 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\pdf995
    [2011/03/02 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\SAS
    [2011/09/22 22:09:18 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Spotify
    [2011/03/11 20:27:01 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Unity
    [2011/11/29 19:52:20 | 000,000,000 | ---D | M] -- C:\Users\Ro Family\AppData\Roaming\Zagayr
    [2012/02/10 10:34:51 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/02/18 00:46:21 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/10 11:46:30 | 000,012,330 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/02/10 10:36:39 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
    [2009/04/29 11:09:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/04/29 11:09:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/10 10:36:39 | 3210,784,768 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/30 08:34:13 | 000,000,020 | ---- | M] () -- C:\rules.qdb
    [2012/02/10 10:35:23 | 000,084,852 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_10.02.2012_10.29.50_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 18:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2010/11/20 05:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/07 10:31:38 | 000,000,254 | -HS- | M] () -- C:\Users\Ro Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/10 11:09:11 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Ro Family\Desktop\aswMBR.exe
    [2012/02/10 11:48:51 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Users\Ro Family\Desktop\avg_free_stb_all_2012_1913_cnet.exe
    [2012/02/10 11:27:03 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Ro Family\Desktop\ComboFix.exe
    [2012/02/09 22:44:45 | 000,302,592 | ---- | M] () -- C:\Users\Ro Family\Desktop\kl8ntf7p.exe
    [2012/02/09 22:33:35 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ro Family\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/10 12:13:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ro Family\Desktop\OTL.exe
    [2012/02/10 10:24:56 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ro Family\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/27 00:45:01 | 000,000,402 | -HS- | M] () -- C:\Users\Ro Family\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/02/28 11:05:34 | 000,000,000 | ---D | M](C:\Users\Ro Family\Favorites\?csorted Bookmarks) -- C:\Users\Ro Family\Favorites\嶀csorted Bookmarks

    < End of report >
     
  17. cr1100


    Here's Extras

    OTL Extras logfile created on: 2/10/2012 12:15:28 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ro Family\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.29% Memory free
    5.98 Gb Paging File | 4.27 Gb Available in Paging File | 71.48% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 86.91 Gb Free Space | 29.16% Space Free | Partition Type: NTFS
    Drive E: | 596.02 Gb Total Space | 462.21 Gb Free Space | 77.55% Space Free | Partition Type: FAT32

    Computer Name: ROFAMILY-PC | User Name: Ro Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
    "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A3A13D50-5169-46B6-95F4-2ACA6A97FBDE}" = SAS Enterprise Guide 4.3
    "{A4B0BFFE-DADB-4D00-8C8B-26B6EA87FCC5}" = SAS/IML Studio 3.3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Canon CanoScan LiDE 70 User Registration" = Canon CanoScan LiDE 70 User Registration
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
    "febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Logitech Vid" = Logitech Vid HD
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Pdf995" = Pdf995
    "R for Windows 2.12.2_is1" = R for Windows 2.12.2
    "TVWiz" = Intel(R) TV Wizard

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SOE-Clone Wars" = Clone Wars
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I can't continue....

     
  19. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Can't continue what? A little confused. Or are you joking? 'Cause Homer is hilarious.

    I don't appear to have problems. The dreaded blue screen has not appeared. I tried the Google searches I did before, and I'm not being redirected to other sites, but I'm no expert.

    How does the log from OTL look?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    That's what I needed to know.

    You forgot to reinstall AVG.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2066902144-2231887002-4265874029-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  21. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Actually, I did reinstall AVG, but I haven't rebooted yet. I'll do that now.
     
  22. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    Here's the log from the OTL fix. I haven't done the next steps, but wanted to post this ASAP.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2066902144-2231887002-4265874029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 17174941 bytes
    ->Flash cache emptied: 589 bytes

    User: Administrator.RoFamily-PC
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 29919054 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: RA Media Server
    ->Temp folder emptied: 0 bytes

    User: Ro Family
    ->Temp folder emptied: 3867 bytes
    ->Temporary Internet Files folder emptied: 178105594 bytes
    ->Java cache emptied: 18608597 bytes
    ->FireFox cache emptied: 94747149 bytes
    ->Flash cache emptied: 241069 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 110 bytes
    RecycleBin emptied: 3968384 bytes

    Total Files Cleaned = 327.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.RoFamily-PC

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: RA Media Server

    User: Ro Family
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Administrator.RoFamily-PC
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: RA Media Server

    User: Ro Family
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02102012_125729

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  23. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    checkup.txt

    Here are the results from Security Check

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SAS/SECURE Java 9.2
    Java(TM) 6 Update 30
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  24. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    FSS.txt

    Results from FSS:

    Farbar Service Scanner Version: 10-02-2012
    Ran by Ro Family (administrator) on 10-02-2012 at 13:09:33
    Running from "C:\Users\Ro Family\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  25. cr1100

    cr1100 TS Rookie Topic Starter Posts: 20

    ESetScan

    The list of threats from ESet

    C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.IC trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmarik.AYG trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PK9332ZE\coicia_info[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3cdec065-130d3909 Java/Exploit.CVE-2011-3544.AG trojan deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\126a9d6c-54eeb145 Java/Exploit.CVE-2011-3544.AG trojan deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5290f5b1-5a4c2f1d a variant of Java/Exploit.CVE-2011-3544.AH trojan deleted - quarantined
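
A small triage script for an ESET Online Scanner export like the one above, added here as an example; it is not part of the thread and not ESET's own tooling. It parses each result line into path, detection and action, separates hits that sit inside another tool's quarantine folder (the TDSSKiller_Quarantine entries, which were already off the live system when ESET found them) from artifacts that were still in place, and pulls CVE identifiers out of the detection names. The sample lines are copied from the post above; the quarantine marker, the system-profile marker and the list of threat-type words are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: the eight result lines from the ESET export posted in this thread.
SAMPLE_LOG = r"""
C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.IC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.02.2012_10.29.51\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmarik.AYG trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PK9332ZE\coicia_info[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3cdec065-130d3909 Java/Exploit.CVE-2011-3544.AG trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\126a9d6c-54eeb145 Java/Exploit.CVE-2011-3544.AG trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5290f5b1-5a4c2f1d a variant of Java/Exploit.CVE-2011-3544.AH trojan deleted - quarantined
"""

# Threat-type words that end a detection name (assumption: the ones commonly seen in ESET output).
THREAT_TYPES = r"(?:trojan|virus|worm|adware|application|potentially unwanted application)"

# One export line is "<path> <detection> <action>". The path may contain spaces, so it is
# matched lazily and the detection must look like "Family/Name" to terminate it.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?:\s+" + THREAT_TYPES + r")?)\s+"
    r"(?P<action>.+?)\s*$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}")
FAMILY_RE = re.compile(r"([A-Za-z0-9]+/[A-Za-z0-9]+)")

# Folder written by TDSSKiller when it quarantines files (seen in the thread); a hit inside it
# is a file another tool had already removed from the live system, not an active infection.
QUARANTINE_MARKER = "\\tdsskiller_quarantine\\"
# Profile directory of the LocalSystem account: artifacts here were written by code running as SYSTEM.
SYSTEM_PROFILE_MARKER = "\\windows\\system32\\config\\systemprofile\\"


def classify_location(path):
    """Say whether a hit was already contained, lives in the SYSTEM profile, or elsewhere."""
    low = path.lower()
    if QUARANTINE_MARKER in low:
        return "already_quarantined"
    if SYSTEM_PROFILE_MARKER in low:
        return "system_profile"
    return "user_or_other"


def parse_eset_line(line):
    """Return a dict for one result line, or None if the line is not a scan result."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    fam = FAMILY_RE.search(rec["detection"])
    rec["family"] = fam.group(1) if fam else None
    rec["cves"] = CVE_RE.findall(rec["detection"])
    rec["location"] = classify_location(rec["path"])
    return rec


def parse_eset_log(text):
    """Parse every result line of an export, skipping blank or unrecognised lines."""
    records = []
    for line in text.splitlines():
        rec = parse_eset_line(line)
        if rec:
            records.append(rec)
    return records


def triage(records):
    """Summarise what still needs attention versus what was already contained."""
    return {
        "total": len(records),
        "by_location": Counter(r["location"] for r in records),
        "by_family": Counter(r["family"] for r in records),
        "cves": sorted({c for r in records for c in r["cves"]}),
        # Anything not already in another tool's quarantine was still on the live system.
        "live": [r["path"] for r in records if r["location"] != "already_quarantined"],
    }


if __name__ == "__main__":
    summary = triage(parse_eset_log(SAMPLE_LOG))
    print("total hits:", summary["total"])
    print("by location:", dict(summary["by_location"]))
    print("by family:", dict(summary["by_family"]))
    print("CVEs referenced:", summary["cves"])
    for p in summary["live"]:
        print("was live on disk:", p)
```

Run against the lines from this thread, the split is four hits inside the TDSSKiller quarantine (the TDL4 payload files that TDSSKiller had already pulled out of the hidden file system) and four that were still on disk under the LocalSystem profile: the cached iframe page and three Java exploit cache entries referencing CVE-2011-3544. That second group is the part a responder actually follows up on; the quarantine hits only confirm that the earlier removal step did its job.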
     