
Trojan Renos (quarantined); Internet Security 2011; now Google redirec


#1 Zara413 (New Member, 7 posts)

Hello, my computer was infected about a month ago with a Trojan Renos virus that was quarantined by Microsoft Security Essentials. During the infection, a screen popped up "Internet Security Essentials 2011" or something like that, and while trying to close that screen, I think that I inadvertently gave it the OK to invade my system. Tried several cleaners and malware removal tools such as Malwarebytes, SUPERAntiSpyware, etc. to no avail. HijackThis cannot access host files. I can use the system, but I get Google redirects on both IE 8 and Firefox, and cannot open Gmail at all. Thanks very much in advance for any help. :D

I have Windows 7 64-bit.

Here is my OTL:

OTL logfile created on: 1/8/2011 12:44:54 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\mmclaughlin\Desktop\Appies
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.79 Gb Total Space | 103.63 Gb Free Space | 73.61% Space Free | Partition Type: NTFS

Computer Name: KALA_JEERA | User Name: mmclaughlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 00:44:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mmclaughlin\Desktop\Appies\OTL.exe
PRC - [2010/11/30 09:53:12 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/10/21 13:04:14 | 004,550,944 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\backup.exe
PRC - [2010/10/06 08:48:51 | 000,580,896 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\status.exe
PRC - [2010/05/05 14:45:43 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/05/05 14:45:43 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/05/05 14:45:43 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/17 15:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/18 13:57:42 | 000,316,704 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\starter.exe
PRC - [2009/12/18 13:57:38 | 000,181,536 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\nts.exe
PRC - [2009/12/18 13:57:34 | 000,173,464 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\startup.exe
PRC - [2009/10/15 12:22:14 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/10/15 12:22:08 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\lms.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/22 17:57:30 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/01/08 00:44:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mmclaughlin\Desktop\Appies\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/08 21:41:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/18 13:57:38 | 000,181,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Data Deposit Box\nts.exe -- (Online Backup Service)
SRV - [2009/10/15 12:22:14 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/15 12:22:08 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\lms.exe -- (LMS) Intel®
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/13 20:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\PBADRV.sys -- (PBADRV)
DRV:64bit: - [2010/05/04 09:37:29 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/08 21:41:46 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/05 20:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\97904392.sys -- (97904392)
DRV:64bit: - [2009/10/09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [1]drv) setup_9.0.0.722_23.12.2010_14-27[1]drv [File_System | System | Running] -- C:\Windows\SysNative\drivers\9790439.sys -- (setup_9.0.0.722_23.12.2010_14-27[1]drv)
DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\97904391.sys -- (97904391)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/23 17:28:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/22 18:01:26 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25480

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "https://mace.hayesin...w/Main/WebHome"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.0a4
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/17 11:57:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/30 11:08:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 13:48:58 | 000,000,000 | ---D | M]

[2010/05/04 10:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Extensions
[2011/01/05 12:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Firefox\Profiles\97zfrw5x.default\extensions
[2010/09/15 11:19:44 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Firefox\Profiles\97zfrw5x.default\extensions\[email protected]
[2010/09/08 11:05:37 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Firefox\Profiles\97zfrw5x.default\extensions\[email protected]
[2010/12/26 14:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/10 14:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 12:10:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 14:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/17 11:57:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/22 20:02:01 | 000,002,874 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.149 www.google.com
O1 - Hosts: 204.152.194.149 google.com
O1 - Hosts: 204.152.194.149 google.com.au
O1 - Hosts: 204.152.194.149 www.google.com.au
O1 - Hosts: 204.152.194.149 google.be
O1 - Hosts: 204.152.194.149 www.google.be
O1 - Hosts: 204.152.194.149 google.com.br
O1 - Hosts: 204.152.194.149 www.google.com.br
O1 - Hosts: 204.152.194.149 google.ca
O1 - Hosts: 204.152.194.149 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Ovid Toolbar BHO) - {E2202548-A1BB-4E98-95E3-2385F565C035} - C:\Program Files (x86)\OvidToolbar\OvidToolbar.dll (Wolters Kluwer Health)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ovid Toolbar) - {50A48C18-E58B-4101-ACDB-9B3B34568FE1} - C:\Program Files (x86)\OvidToolbar\OvidToolbar.dll (Wolters Kluwer Health)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\mmclaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_14-27[1].lnk = C:\Users\mmclaughlin\Desktop\Virus Removal Tool\setup_9.0.0.722_23.12.2010_14-27[1]\startup.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell - "" = AutoRun
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 00:44:02 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\Desktop\Appies
[2011/01/08 00:34:37 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\Desktop\Notes
[2010/12/29 23:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 23:00:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/29 22:47:14 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mmclaughlin\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/28 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\U3
[2010/12/27 00:46:31 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/27 00:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/27 00:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/27 00:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2010/12/27 00:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/23 08:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/23 08:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/23 07:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/12/23 07:42:53 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\9790439.sys
[2010/12/23 07:42:53 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\97904391.sys
[2010/12/23 07:42:53 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\97904392.sys
[2010/12/23 00:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/12/23 00:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/22 21:21:43 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\Motive
[2010/12/22 21:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/12/22 21:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2010/12/22 21:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/12/22 21:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/12/22 20:53:19 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Local\Diagnostics
[2010/12/22 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Local\VirtualStore
[2010/12/22 20:00:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\IAGZSV
[2010/12/22 20:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\6cfbc4
[2010/12/20 09:39:38 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\Malwarebytes
[2010/12/20 09:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/20 09:39:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/20 09:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/01/08 00:06:33 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 00:06:33 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/07 23:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/07 23:57:54 | 1608,720,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/29 22:53:48 | 000,013,136 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\REF cheat sheet.docx
[2010/12/29 22:47:23 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mmclaughlin\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/28 19:49:36 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/28 19:49:36 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/28 19:49:36 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/27 14:02:26 | 000,624,128 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\dds.scr
[2010/12/26 16:00:53 | 000,296,448 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\gxslih1v.exe
[2010/12/23 15:11:10 | 000,032,768 | ---- | M] () -- C:\Users\mmclaughlin\Documents\15233_HTCat1255-E-tegrity.doc
[2010/12/23 07:43:54 | 000,002,336 | ---- | M] () -- C:\Users\mmclaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_14-27[1].lnk
[2010/12/22 21:37:35 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115853.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115851.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115838.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115837.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115836.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115835.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115834.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115833.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115832.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/22 20:01:09 | 000,001,857 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\Computer.lnk
[2010/12/22 20:01:09 | 000,001,643 | ---- | M] () -- C:\Users\mmclaughlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
[2010/12/21 15:10:54 | 000,000,162 | -H-- | M] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010 (Repaired).doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/16 03:24:28 | 000,304,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/12 22:43:02 | 000,055,524 | ---- | M] () -- C:\Users\mmclaughlin\Documents\15509_HTB_903_SECCA DAH.docx
[2010/12/12 20:00:37 | 000,149,504 | ---- | M] () -- C:\Users\mmclaughlin\Documents\HTB 1255-E E tegrity-jb mm 12 9 10edit sl.doc
[2010/12/11 19:11:14 | 000,000,162 | -H-- | M] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010.doc

========== Files Created - No Company Name ==========

[2010/12/29 17:24:50 | 000,013,136 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\REF cheat sheet.docx
[2010/12/27 14:02:19 | 000,624,128 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\dds.scr
[2010/12/26 16:00:48 | 000,296,448 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\gxslih1v.exe
[2010/12/23 15:11:09 | 000,032,768 | ---- | C] () -- C:\Users\mmclaughlin\Documents\15233_HTCat1255-E-tegrity.doc
[2010/12/23 07:43:54 | 000,002,336 | ---- | C] () -- C:\Users\mmclaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_14-27[1].lnk
[2010/12/22 21:37:35 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/12/22 20:01:09 | 000,001,857 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\Computer.lnk
[2010/12/22 20:01:09 | 000,001,643 | ---- | C] () -- C:\Users\mmclaughlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
[2010/12/21 15:10:54 | 000,000,162 | -H-- | C] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010 (Repaired).doc
[2010/12/12 22:43:01 | 000,055,524 | ---- | C] () -- C:\Users\mmclaughlin\Documents\15509_HTB_903_SECCA DAH.docx
[2010/12/12 20:00:34 | 000,149,504 | ---- | C] () -- C:\Users\mmclaughlin\Documents\HTB 1255-E E tegrity-jb mm 12 9 10edit sl.doc
[2010/12/11 19:11:14 | 000,000,162 | -H-- | C] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010.doc
[2010/06/17 10:54:32 | 000,002,127 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/03 16:09:54 | 000,000,026 | ---- | C] () -- C:\Windows\starter.INI
[2010/05/04 13:49:33 | 000,000,117 | ---- | C] () -- C:\Windows\restore.INI
[2010/05/04 10:26:15 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/04 09:47:23 | 000,000,000 | ---D | M] -- C:\Users\mmclaughlin\AppData\Roaming\DAEMON Tools Lite
[2009/07/14 00:08:49 | 000,016,160 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
#2 Zara413 (Topic Starter, New Member)

Here's the second logfile (Extras) that came along with the OTL:

OTL Extras logfile created on: 1/8/2011 12:44:54 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\mmclaughlin\Desktop\Appies
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.79 Gb Total Space | 103.63 Gb Free Space | 73.61% Space Free | Partition Type: NTFS

Computer Name: KALA_JEERA | User Name: mmclaughlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B2CE2-3BA2-7067-0B70-B8A89BEBB0EF}" = ccc-utility64
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"PROSetDX" = Intel® Network Connections 14.8.43.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{AD6A909B-7FCB-43FD-95D9-D8801B8693C7}" = Data Deposit Box
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BA07DAD3-4C9B-48FE-9CE7-B56147949542}" = Ovid IEToolbar 01.00.01.104
"{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Belarc Advisor" = Belarc Advisor 8.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Spark 2.5.8" = Spark 2.5.8
"STANDARDR" = Microsoft Office Standard 2007
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2010 10:18:28 AM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x88000000 Faulting process id:
0x1288 Faulting application start time: 0x01cb909e54b0152e Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: dd52bb96-fd55-11df-b644-a4badbf081fb

Error - 12/2/2010 1:33:06 PM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: IEFRAME.dll, version: 8.0.7600.16671,
time stamp: 0x4c870eab Exception code: 0xc0000005 Fault offset: 0x00065e54 Faulting
process id: 0x1758 Faulting application start time: 0x01cb91c91e26868b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 3868f497-fe3a-11df-b644-a4badbf081fb

Error - 12/2/2010 5:01:52 PM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: OvidToolbar.dll, version: 1.0.0.1, time
stamp: 0x4c17b013 Exception code: 0xc000000d Fault offset: 0x00032dd5 Faulting process
id: 0x2380 Faulting application start time: 0x01cb9247139beab3 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\OvidToolbar\OvidToolbar.dll Report Id: 62bf82f7-fe57-11df-b644-a4badbf081fb

Error - 12/5/2010 9:52:36 PM | Computer Name = Kala_Jeera | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3828 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 23b0 Start
Time: 01cb929b68e3e15c Termination Time: 2246 Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe Report Id: 675ae769-00db-11e0-b644-a4badbf081fb


Error - 12/7/2010 8:37:17 AM | Computer Name = Kala_Jeera | Source = Application Hang | ID = 1002
Description = The program AcroRd32.exe version 9.4.0.195 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1adc Start
Time: 01cb92a3ccdb0917 Termination Time: 1295 Application Path: C:\Program Files
(x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Report Id:

Error - 12/13/2010 4:19:59 PM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16671,
time stamp: 0x4c86f9be Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x11111111 Faulting process id:
0xf40 Faulting application start time: 0x01cb9a41242fc4df Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 5b6fa8f1-06f6-11e0-9b98-a4badbf081fb

Error - 12/18/2010 1:48:59 PM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0002e1fe Faulting
process id: 0xf04 Faulting application start time: 0x01cb9dee86cc5aed Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 171a01dd-0acf-11e0-a7e5-a4badbf081fb

Error - 12/18/2010 2:21:22 PM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: OvidToolbar.dll, version: 1.0.0.1, time
stamp: 0x4c17b013 Exception code: 0xc000000d Fault offset: 0x00032dd5 Faulting process
id: 0x1cdc Faulting application start time: 0x01cb9edbed23dc41 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\OvidToolbar\OvidToolbar.dll Report Id: 9d94aeaf-0ad3-11e0-a7e5-a4badbf081fb

Error - 12/18/2010 5:40:32 PM | Computer Name = Kala_Jeera | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b28 Start
Time: 01cb9d8a9d602c5e Termination Time: 6958 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id: 511ba467-0aef-11e0-a7e5-a4badbf081fb


Error - 12/20/2010 8:14:55 AM | Computer Name = Kala_Jeera | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x000332c4 Faulting
process id: 0x1ad8 Faulting application start time: 0x01cb9fc6461f7a71 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: c1203664-0c32-11e0-a7e5-a4badbf081fb

[ OSession Events ]
Error - 7/12/2010 8:30:41 PM | Computer Name = Kala_Jeera | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 180689
seconds with 3300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/22/2010 7:07:43 AM | Computer Name = Kala_Jeera | Source = DCOM | ID = 10010
Description =

Error - 9/27/2010 4:40:34 PM | Computer Name = Kala_Jeera | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PBADRV

Error - 9/29/2010 3:18:22 AM | Computer Name = Kala_Jeera | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PBADRV

Error - 9/29/2010 1:57:38 PM | Computer Name = Kala_Jeera | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PBADRV


< End of report >
#3 Essexboy (GeekU Moderator, Retired Staff)

Hi there, let's do this first and then proceed from there.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25480
    FF - prefs.js..browser.search.selectedEngine: "search"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#4 Zara413 (Topic Starter, New Member)

Hello Essexboy, thanks very much for your help. :D

First is the logfile for OTL, followed by the file for TDSSKiller (no reboot required; it detected a suspicious/locked file):

OTL logfile created on: 1/8/2011 11:11:23 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\mmclaughlin\Desktop\Appies
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.79 Gb Total Space | 103.75 Gb Free Space | 73.69% Space Free | Partition Type: NTFS

Computer Name: KALA_JEERA | User Name: mmclaughlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 00:44:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mmclaughlin\Desktop\Appies\OTL.exe
PRC - [2010/10/21 13:04:14 | 004,550,944 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\backup.exe
PRC - [2010/10/06 08:48:51 | 000,580,896 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\status.exe
PRC - [2010/05/05 14:45:43 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/05/05 14:45:43 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/05/05 14:45:43 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/17 15:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/18 13:57:42 | 000,316,704 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\starter.exe
PRC - [2009/12/18 13:57:38 | 000,181,536 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\nts.exe
PRC - [2009/12/18 13:57:34 | 000,173,464 | ---- | M] () -- C:\Program Files (x86)\Data Deposit Box\startup.exe
PRC - [2009/10/15 12:22:14 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/10/15 12:22:08 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\lms.exe
PRC - [2009/10/15 12:17:40 | 000,104,960 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/22 17:57:30 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/01/08 00:44:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mmclaughlin\Desktop\Appies\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/08 21:41:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/18 13:57:38 | 000,181,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Data Deposit Box\nts.exe -- (Online Backup Service)
SRV - [2009/10/15 12:22:14 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/15 12:22:08 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\lms.exe -- (LMS) Intel®
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\PBADRV.sys -- (PBADRV)
DRV:64bit: - [2010/05/04 09:37:29 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/08 21:41:46 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/05 20:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\97904392.sys -- (97904392)
DRV:64bit: - [2009/10/09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [1]drv) setup_9.0.0.722_23.12.2010_14-27[1]drv [File_System | System | Running] -- C:\Windows\SysNative\drivers\9790439.sys -- (setup_9.0.0.722_23.12.2010_14-27[1]drv)
DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\97904391.sys -- (97904391)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/23 17:28:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/22 18:01:26 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "https://mace.hayesin...w/Main/WebHome"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.0a4
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/17 11:57:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/30 11:08:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 13:48:58 | 000,000,000 | ---D | M]

[2010/05/04 10:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Extensions
[2011/01/05 12:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Firefox\Profiles\97zfrw5x.default\extensions
[2010/09/15 11:19:44 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Firefox\Profiles\97zfrw5x.default\extensions\[email protected]
[2010/09/08 11:05:37 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\mmclaughlin\AppData\Roaming\mozilla\Firefox\Profiles\97zfrw5x.default\extensions\[email protected]
[2010/12/26 14:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/10 14:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 12:10:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 14:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/17 11:57:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/08 11:04:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Ovid Toolbar BHO) - {E2202548-A1BB-4E98-95E3-2385F565C035} - C:\Program Files (x86)\OvidToolbar\OvidToolbar.dll (Wolters Kluwer Health)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ovid Toolbar) - {50A48C18-E58B-4101-ACDB-9B3B34568FE1} - C:\Program Files (x86)\OvidToolbar\OvidToolbar.dll (Wolters Kluwer Health)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\mmclaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_14-27[1].lnk = C:\Users\mmclaughlin\Desktop\Virus Removal Tool\setup_9.0.0.722_23.12.2010_14-27[1]\startup.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell - "" = AutoRun
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{a54d0637-578a-11df-a759-a4badbf081fb}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 11:04:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/08 00:44:02 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\Desktop\Appies
[2011/01/08 00:34:37 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\Desktop\Notes
[2010/12/29 23:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 23:00:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/29 22:47:14 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mmclaughlin\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/28 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\U3
[2010/12/27 00:46:31 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/27 00:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/27 00:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/27 00:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2010/12/27 00:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/23 08:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/23 08:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/23 07:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/12/23 07:42:53 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\9790439.sys
[2010/12/23 07:42:53 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\97904391.sys
[2010/12/23 07:42:53 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\97904392.sys
[2010/12/23 00:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/12/23 00:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/22 21:21:43 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\Motive
[2010/12/22 21:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/12/22 21:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2010/12/22 21:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/12/22 21:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/12/22 20:53:19 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Local\Diagnostics
[2010/12/22 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Local\VirtualStore
[2010/12/22 20:00:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\IAGZSV
[2010/12/22 20:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\6cfbc4
[2010/12/20 09:39:38 | 000,000,000 | ---D | C] -- C:\Users\mmclaughlin\AppData\Roaming\Malwarebytes
[2010/12/20 09:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/20 09:39:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/20 09:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/01/08 11:08:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/08 11:08:25 | 1608,720,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/08 11:04:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/08 00:06:33 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 00:06:33 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 22:53:48 | 000,013,136 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\REF cheat sheet.docx
[2010/12/29 22:47:23 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mmclaughlin\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/28 19:49:36 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/28 19:49:36 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/28 19:49:36 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/27 14:02:26 | 000,624,128 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\dds.scr
[2010/12/26 16:00:53 | 000,296,448 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\gxslih1v.exe
[2010/12/23 15:11:10 | 000,032,768 | ---- | M] () -- C:\Users\mmclaughlin\Documents\15233_HTCat1255-E-tegrity.doc
[2010/12/23 07:43:54 | 000,002,336 | ---- | M] () -- C:\Users\mmclaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_14-27[1].lnk
[2010/12/22 21:37:35 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115853.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115851.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115838.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115837.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115836.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115835.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115834.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115833.backup
[2010/12/22 20:02:01 | 000,002,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-115832.backup
[2010/12/22 20:01:09 | 000,001,857 | ---- | M] () -- C:\Users\mmclaughlin\Desktop\Computer.lnk
[2010/12/22 20:01:09 | 000,001,643 | ---- | M] () -- C:\Users\mmclaughlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
[2010/12/21 15:10:54 | 000,000,162 | -H-- | M] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010 (Repaired).doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/16 03:24:28 | 000,304,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/12 22:43:02 | 000,055,524 | ---- | M] () -- C:\Users\mmclaughlin\Documents\15509_HTB_903_SECCA DAH.docx
[2010/12/12 20:00:37 | 000,149,504 | ---- | M] () -- C:\Users\mmclaughlin\Documents\HTB 1255-E E tegrity-jb mm 12 9 10edit sl.doc
[2010/12/11 19:11:14 | 000,000,162 | -H-- | M] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010.doc

========== Files Created - No Company Name ==========

[2010/12/29 17:24:50 | 000,013,136 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\REF cheat sheet.docx
[2010/12/27 14:02:19 | 000,624,128 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\dds.scr
[2010/12/26 16:00:48 | 000,296,448 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\gxslih1v.exe
[2010/12/23 15:11:09 | 000,032,768 | ---- | C] () -- C:\Users\mmclaughlin\Documents\15233_HTCat1255-E-tegrity.doc
[2010/12/23 07:43:54 | 000,002,336 | ---- | C] () -- C:\Users\mmclaughlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_14-27[1].lnk
[2010/12/22 21:37:35 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/12/22 20:01:09 | 000,001,857 | ---- | C] () -- C:\Users\mmclaughlin\Desktop\Computer.lnk
[2010/12/22 20:01:09 | 000,001,643 | ---- | C] () -- C:\Users\mmclaughlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
[2010/12/21 15:10:54 | 000,000,162 | -H-- | C] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010 (Repaired).doc
[2010/12/12 22:43:01 | 000,055,524 | ---- | C] () -- C:\Users\mmclaughlin\Documents\15509_HTB_903_SECCA DAH.docx
[2010/12/12 20:00:34 | 000,149,504 | ---- | C] () -- C:\Users\mmclaughlin\Documents\HTB 1255-E E tegrity-jb mm 12 9 10edit sl.doc
[2010/12/11 19:11:14 | 000,000,162 | -H-- | C] () -- C:\Users\mmclaughlin\Desktop\~$yes_Style_Guide_06.29.2010.doc
[2010/06/17 10:54:32 | 000,002,127 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/03 16:09:54 | 000,000,026 | ---- | C] () -- C:\Windows\starter.INI
[2010/05/04 13:49:33 | 000,000,117 | ---- | C] () -- C:\Windows\restore.INI
[2010/05/04 10:26:15 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/04 09:47:23 | 000,000,000 | ---D | M] -- C:\Users\mmclaughlin\AppData\Roaming\DAEMON Tools Lite
[2009/07/14 00:08:49 | 000,016,410 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#5 Zara413 (Topic Starter, New Member, 7 posts)

TDSSKiller logfile:

2011/01/08 11:23:33.0743 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/08 11:23:33.0743 ================================================================================
2011/01/08 11:23:33.0743 SystemInfo:
2011/01/08 11:23:33.0743
2011/01/08 11:23:33.0743 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/08 11:23:33.0743 Product type: Workstation
2011/01/08 11:23:33.0743 ComputerName: KALA_JEERA
2011/01/08 11:23:33.0743 UserName: mmclaughlin
2011/01/08 11:23:33.0743 Windows directory: C:\Windows
2011/01/08 11:23:33.0743 System windows directory: C:\Windows
2011/01/08 11:23:33.0743 Running under WOW64
2011/01/08 11:23:33.0743 Processor architecture: Intel x64
2011/01/08 11:23:33.0743 Number of processors: 2
2011/01/08 11:23:33.0743 Page size: 0x1000
2011/01/08 11:23:33.0743 Boot type: Normal boot
2011/01/08 11:23:33.0743 ================================================================================
2011/01/08 11:23:33.0743 Utility is running under WOW64
2011/01/08 11:23:37.0347 Initialize success
2011/01/08 11:25:18.0451 ================================================================================
2011/01/08 11:25:18.0451 Scan started
2011/01/08 11:25:18.0451 Mode: Manual;
2011/01/08 11:25:18.0451 ================================================================================
2011/01/08 11:25:18.0919 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/08 11:25:19.0012 97904391 (6c5461eeb3ffa1b1dcf9a07f8c3b3afe) C:\Windows\system32\DRIVERS\97904391.sys
2011/01/08 11:25:19.0106 97904392 (3ec7dfda521b4fb22ce9f76df15db099) C:\Windows\system32\DRIVERS\97904392.sys
2011/01/08 11:25:19.0184 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/08 11:25:19.0262 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/08 11:25:19.0324 ADIHdAudAddService (0fa60a409e1c8ab9a81901311d15393d) C:\Windows\system32\drivers\ADIHdAud.sys
2011/01/08 11:25:19.0433 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/08 11:25:19.0511 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/08 11:25:19.0605 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/08 11:25:19.0714 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/01/08 11:25:19.0808 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/08 11:25:19.0901 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/08 11:25:19.0948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/08 11:25:20.0011 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/08 11:25:20.0057 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/08 11:25:20.0120 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/08 11:25:20.0198 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/08 11:25:20.0245 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/08 11:25:20.0323 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/01/08 11:25:20.0432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/01/08 11:25:20.0479 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/08 11:25:20.0557 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/08 11:25:20.0619 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/08 11:25:20.0822 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/08 11:25:21.0025 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/01/08 11:25:21.0118 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/01/08 11:25:21.0212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/01/08 11:25:21.0305 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/08 11:25:21.0368 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/08 11:25:21.0430 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/08 11:25:21.0461 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/08 11:25:21.0493 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/01/08 11:25:21.0524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/08 11:25:21.0586 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/08 11:25:21.0617 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/08 11:25:21.0664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/08 11:25:21.0742 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/08 11:25:21.0836 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/08 11:25:21.0929 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/08 11:25:21.0976 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/01/08 11:25:22.0117 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/08 11:25:22.0163 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/08 11:25:22.0210 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/01/08 11:25:22.0273 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/08 11:25:22.0304 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/08 11:25:22.0366 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/08 11:25:22.0429 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/01/08 11:25:22.0538 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/01/08 11:25:22.0600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/01/08 11:25:22.0647 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/01/08 11:25:22.0756 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/01/08 11:25:22.0819 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/01/08 11:25:22.0881 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/01/08 11:25:22.0975 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/01/08 11:25:23.0053 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/08 11:25:23.0131 e1kexpress (711405da1fbc40b820db5a2b4dd939f0) C:\Windows\system32\DRIVERS\e1k62x64.sys
2011/01/08 11:25:23.0255 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/01/08 11:25:23.0443 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/08 11:25:23.0489 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/08 11:25:23.0583 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/01/08 11:25:23.0630 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/01/08 11:25:23.0692 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/08 11:25:23.0739 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/01/08 11:25:23.0770 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/01/08 11:25:23.0817 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/08 11:25:23.0864 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/01/08 11:25:23.0926 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/01/08 11:25:23.0957 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/08 11:25:24.0020 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/08 11:25:24.0067 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/08 11:25:24.0129 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/08 11:25:24.0176 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/08 11:25:24.0223 HECIx64 (e91aff2610114ccaebb90d4d991bb6b2) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/01/08 11:25:24.0269 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/08 11:25:24.0316 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/08 11:25:24.0347 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/08 11:25:24.0394 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/08 11:25:24.0503 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/08 11:25:24.0613 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/01/08 11:25:24.0675 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/08 11:25:24.0722 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/08 11:25:24.0800 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/01/08 11:25:24.0893 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/08 11:25:25.0003 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/08 11:25:25.0065 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/08 11:25:25.0127 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/08 11:25:25.0174 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/08 11:25:25.0205 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/08 11:25:25.0252 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/01/08 11:25:25.0299 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/01/08 11:25:25.0330 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/08 11:25:25.0377 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/08 11:25:25.0424 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/08 11:25:25.0471 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/08 11:25:25.0517 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/08 11:25:25.0564 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/08 11:25:25.0627 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/01/08 11:25:25.0705 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/08 11:25:25.0783 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/08 11:25:25.0845 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/08 11:25:25.0876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/08 11:25:25.0923 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/08 11:25:25.0970 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/01/08 11:25:26.0063 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/08 11:25:26.0110 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/08 11:25:26.0157 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/01/08 11:25:26.0204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/08 11:25:26.0235 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/08 11:25:26.0313 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/08 11:25:26.0360 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/01/08 11:25:26.0422 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/01/08 11:25:26.0469 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/08 11:25:26.0547 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/01/08 11:25:26.0594 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/08 11:25:26.0687 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
2011/01/08 11:25:26.0797 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
2011/01/08 11:25:26.0890 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/08 11:25:26.0937 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/08 11:25:26.0968 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/08 11:25:27.0015 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/08 11:25:27.0062 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/08 11:25:27.0109 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/08 11:25:27.0155 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/01/08 11:25:27.0187 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/08 11:25:27.0218 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/08 11:25:27.0280 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/08 11:25:27.0311 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/08 11:25:27.0343 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/01/08 11:25:27.0405 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/01/08 11:25:27.0452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/08 11:25:27.0499 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/01/08 11:25:27.0530 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/08 11:25:27.0592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/01/08 11:25:27.0655 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/08 11:25:27.0733 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/01/08 11:25:27.0795 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/08 11:25:27.0842 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/08 11:25:27.0873 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/08 11:25:27.0904 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/08 11:25:27.0951 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/01/08 11:25:27.0998 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/08 11:25:28.0045 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/08 11:25:28.0154 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/08 11:25:28.0201 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/01/08 11:25:28.0232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/08 11:25:28.0294 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/01/08 11:25:28.0372 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/01/08 11:25:28.0403 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/08 11:25:28.0435 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/08 11:25:28.0481 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/08 11:25:28.0544 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/08 11:25:28.0637 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/01/08 11:25:28.0669 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/01/08 11:25:28.0762 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/01/08 11:25:28.0809 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/08 11:25:28.0856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/08 11:25:28.0903 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/01/08 11:25:28.0949 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/01/08 11:25:29.0074 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/08 11:25:29.0105 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/01/08 11:25:29.0199 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/08 11:25:29.0277 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/08 11:25:29.0355 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/08 11:25:29.0402 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/08 11:25:29.0433 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/08 11:25:29.0480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/08 11:25:29.0542 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/08 11:25:29.0573 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/08 11:25:29.0620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/08 11:25:29.0651 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/08 11:25:29.0683 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/08 11:25:29.0714 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/08 11:25:29.0761 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/01/08 11:25:29.0823 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/08 11:25:29.0870 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/08 11:25:29.0917 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/01/08 11:25:29.0979 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/01/08 11:25:30.0073 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/08 11:25:30.0135 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/08 11:25:30.0229 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/01/08 11:25:30.0275 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/01/08 11:25:30.0353 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/08 11:25:30.0400 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/08 11:25:30.0463 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/08 11:25:30.0556 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/08 11:25:30.0587 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/01/08 11:25:30.0650 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/08 11:25:30.0743 setup_9.0.0.722_23.12.2010_14-27[1]drv (8423db42808e94847ec4e53efda6bee2) C:\Windows\system32\DRIVERS\9790439.sys
2011/01/08 11:25:30.0806 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/08 11:25:30.0853 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/08 11:25:30.0899 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/08 11:25:30.0962 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/08 11:25:31.0024 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/08 11:25:31.0055 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/08 11:25:31.0102 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/01/08 11:25:31.0165 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/08 11:25:31.0258 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/01/08 11:25:31.0258 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/08 11:25:31.0258 sptd - detected Locked file (1)
2011/01/08 11:25:31.0321 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/08 11:25:31.0367 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/08 11:25:31.0414 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/08 11:25:31.0508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/08 11:25:31.0586 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/08 11:25:31.0648 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/08 11:25:31.0679 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/08 11:25:31.0789 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/01/08 11:25:31.0929 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/08 11:25:31.0991 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/08 11:25:32.0023 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/01/08 11:25:32.0069 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/01/08 11:25:32.0116 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/08 11:25:32.0147 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/08 11:25:32.0225 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/08 11:25:32.0303 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/08 11:25:32.0350 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/08 11:25:32.0413 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/08 11:25:32.0475 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/08 11:25:32.0537 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/08 11:25:32.0569 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/08 11:25:32.0615 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/08 11:25:32.0662 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/08 11:25:32.0709 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/08 11:25:32.0771 usbhub (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/08 11:25:32.0818 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/08 11:25:32.0865 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/08 11:25:32.0943 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/08 11:25:32.0990 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/08 11:25:33.0037 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/08 11:25:33.0099 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/08 11:25:33.0146 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/08 11:25:33.0208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/01/08 11:25:33.0255 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/08 11:25:33.0302 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/08 11:25:33.0364 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/08 11:25:33.0411 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/08 11:25:33.0473 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/08 11:25:33.0520 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/01/08 11:25:33.0567 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/08 11:25:33.0645 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/08 11:25:33.0707 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/01/08 11:25:33.0739 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/08 11:25:33.0801 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/08 11:25:33.0832 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/08 11:25:33.0910 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/01/08 11:25:33.0973 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/08 11:25:34.0097 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/08 11:25:34.0144 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/01/08 11:25:34.0269 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/08 11:25:34.0347 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/08 11:25:34.0409 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/08 11:25:34.0472 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
2011/01/08 11:25:34.0534 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/08 11:25:34.0597 ================================================================================
2011/01/08 11:25:34.0597 Scan finished
2011/01/08 11:25:34.0597 ================================================================================
2011/01/08 11:25:34.0612 Detected object count: 1
2011/01/08 11:30:13.0634 Locked file(sptd) - User select action: Skip


Thanks again!!!!
  • 0
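The TDSSKiller log above ends with one flagged object: a driver the tool could not read (`Suspicious file (NoAccess)`, verdict `Locked file`) which the user then chose to Skip. As an added example, not part of the original thread and not code from the tool's author, here is a small Python parser for this log format. It pairs the tool's `Suspicious file` and `detected` lines with the matching driver entry, checks that the `Detected object count` agrees with the number of flagged objects, and lists anything left unresolved, which is what a helper would want to see at a glance before deciding on the next step. The sample lines are copied from the log above; the parsing rules are mine and cover only the line shapes visible in it. A locked file is not by itself a verdict: it only means the scanner could not open the file to vet it.

```python
"""Summarise a TDSSKiller-style scan log: what the tool flagged, what verdict
it gave, and whether the user resolved it. Added example; the regexes below
assume only the line shapes visible in the log posted in this thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff" followed by whitespace.
TS = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d\d:\d\d:\d\d\.\d+)\s+"
# Normal inventory line: service name, (md5), path.
DRIVER_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# The tool could not vet a file; it states why, the path and the md5.
SUSPICIOUS_RE = re.compile(
    TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
# The tool's classification of a service, e.g. "sptd - detected Locked file (1)".
DETECTED_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
# What the user chose, e.g. "Locked file(sptd) - User select action: Skip".
ACTION_RE = re.compile(
    TS + r"(?P<verdict>[^(]+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""
    reason: str = ""              # why the file could not be vetted, e.g. NoAccess
    verdict: str = ""             # the tool's classification, e.g. "Locked file"
    action: Optional[str] = None  # the user's choice (Skip, Cure, Delete, ...) if any


@dataclass
class ScanSummary:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)
    reported_count: Optional[int] = None

    def count_consistent(self) -> bool:
        """Does the tool's own object count match the flagged entries we found?"""
        return self.reported_count == len(self.findings)

    def unresolved(self) -> List[Finding]:
        """Flagged objects with no action, or explicitly skipped by the user."""
        return [f for f in self.findings.values() if f.action in (None, "Skip")]


def parse_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    by_path: Dict[str, str] = {}  # lower-cased path -> service name, for joining lines
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DRIVER_RE.match(line)):
            summary.drivers[m["name"]] = (m["md5"], m["path"])
            by_path[m["path"].lower()] = m["name"]
        elif (m := SUSPICIOUS_RE.match(line)):
            # Join on path; fall back to the file name if no inventory line preceded it.
            name = by_path.get(m["path"].lower(), m["path"].rsplit("\\", 1)[-1])
            f = summary.findings.setdefault(name, Finding(name))
            f.path, f.md5, f.reason = m["path"], m["md5"], m["reason"]
        elif (m := DETECTED_RE.match(line)):
            summary.findings.setdefault(m["name"], Finding(m["name"])).verdict = m["verdict"]
        elif (m := COUNT_RE.match(line)):
            summary.reported_count = int(m["n"])
        elif (m := ACTION_RE.match(line)):
            f = summary.findings.setdefault(m["name"], Finding(m["name"]))
            f.action = m["action"]
            f.verdict = f.verdict or m["verdict"].strip()
    return summary


def report(summary: ScanSummary) -> List[str]:
    lines = [f"{len(summary.drivers)} drivers inventoried, {len(summary.findings)} flagged"]
    if not summary.count_consistent():
        lines.append(f"WARNING: tool reported {summary.reported_count} objects, log shows "
                     f"{len(summary.findings)}")
    for f in summary.unresolved():
        lines.append(f"unresolved: {f.name} [{f.verdict or '?'}; {f.reason or 'no reason'}] "
                     f"{f.path} md5={f.md5} action={f.action}")
    return lines


# Lines copied from the log posted above (a few inventory lines around the flagged one).
SAMPLE_LOG = r"""
2011/01/08 11:25:31.0165 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/08 11:25:31.0258 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/01/08 11:25:31.0258 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/08 11:25:31.0258 sptd - detected Locked file (1)
2011/01/08 11:25:31.0321 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/08 11:25:34.0612 Detected object count: 1
2011/01/08 11:30:13.0634 Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    print("\n".join(report(parse_log(SAMPLE_LOG))))
```

Run on the sample it prints the inventory size, confirms the count matches, and lists `sptd` as unresolved with its md5 and path, which is exactly the line a helper would want to quote back when asking about it.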

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run can you check for re-directs, also let me know of any other problems you are experiencing.


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
Zara413

Zara413

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you. I can now access gmail, and surfed around with no redirects, which is a refreshing change from what has been happening.
:D


Here is the MBAM logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5482

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/8/2011 11:55:24 AM
mbam-log-2011-01-08 (11-55-24).txt

Scan type: Quick scan
Objects scanned: 154722
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Final stretch


Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe ;)
  • 0
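The OTL fix above starts with `[resethosts]`, which rewrites the hosts file back to the Windows defaults; a tampered hosts file is one of the ways a machine ends up with browser "redirects" and unreachable sites like the ones reported at the start of this thread. As an added example (mine, not part of the original thread and not OTL's own code), this Python script audits a hosts file and separates entries that merely block a name (pointing it at loopback or 0.0.0.0, the usual ad-blocking style) from entries that point a name at a routable address, which is the shape a redirect takes. The sample file and the short watchlist are constructed; the only real value is the standard Windows location of the file. Reading the file does not normally need elevation; changing it does, which is why removal tools run as administrator.

```python
"""Audit a Windows hosts file for entries that block or redirect well-known
names. Added example; assumes only the standard one-address-then-hostnames
line format and a constructed watchlist."""
import ipaddress
from typing import Dict, List, Tuple

# Fixed, well-known location of the file that OTL's [resethosts] rewrites.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Domains a clean hosts file has no business mentioning (my own short list;
# extend it with whatever your environment cares about).
WATCHLIST = ("google.com", "gmail.com", "microsoft.com", "malwarebytes.org")

# Constructed sample, not the poster's real file. 203.0.113.0/24 is a
# documentation-only range, so nothing here points at a live host.
SAMPLE_HOSTS = """\
# constructed example of a tampered hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.google.com google.com
203.0.113.5     mail.google.com
0.0.0.0         ads.example.net   # sinkhole-style entry: blocks a name, redirects nowhere
"""

Entry = Tuple[str, str]  # (hostname, address as text)


def parse_hosts(text: str):
    """Return (address, hostname) pairs; comments, blanks and lines whose first
    token is not an IP address are skipped rather than guessed at."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *hosts = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not a mapping, nothing to audit
        entries.extend((ip, h.lower()) for h in hosts)
    return entries


def on_watchlist(host: str) -> bool:
    """True for a watchlisted domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def audit_hosts(text: str) -> Dict[str, List[Entry]]:
    """Split mappings into:
      redirects  - name -> routable address (the name is silently sent elsewhere)
      blocks     - name -> loopback or 0.0.0.0 (the name just stops resolving)
      watch_hits - any mention of a watchlisted domain, whichever kind it is
    """
    result: Dict[str, List[Entry]] = {"redirects": [], "blocks": [], "watch_hits": []}
    for ip, host in parse_hosts(text):
        entry = (host, str(ip))
        if ip.is_loopback or ip.is_unspecified:
            result["blocks"].append(entry)
        else:
            result["redirects"].append(entry)
        if on_watchlist(host):
            result["watch_hits"].append(entry)
    return result


def audit_file(path: str = WINDOWS_HOSTS) -> Dict[str, List[Entry]]:
    """Audit a hosts file on disk (defaults to the Windows location)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}:")
        for host, addr in entries:
            print(f"  {host:<20} -> {addr}")
```

On the sample the three google.com names show up under both `redirects` and `watch_hits`, the two localhost lines and the ad sinkhole land under `blocks`, and nothing else is reported. On a real machine, call `audit_file()` and compare its `redirects` list against the default Windows file, which contains no active mappings at all.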

#9
Zara413

Zara413

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you once again, essexboy. You have been very generous with your knowledge and your time. I will finish up following your instructions. On Monday (Eastern US), I'll be using my system heavily so will let you know if anything else pops up. In the meantime, thanks again, and cheers. Zara :D
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And thank you Zara for the donation - it is greatly appreciated :D
  • 0

#11
Zara413

Zara413

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
You are most welcome.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
