error msg: Disk Drive C unreadable HELP PLS :(
Started by
love2teach956
, Oct 30 2011 09:28 PM
#16
Posted 15 November 2011 - 05:42 PM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
#17
Posted 15 November 2011 - 09:17 PM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
OTL logfile created on: 11/15/2011 2:55:27 PM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 72.00% Memory free
7.92 Gb Paging File | 6.60 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 405.52 Gb Free Space | 89.90% Space Free | Partition Type: NTFS
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/08 19:19:09 | 004,114,432 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/11/08 19:19:02 | 000,199,680 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
PRC - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
PRC - [2011/11/06 21:56:15 | 001,052,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 09:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 07:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 09:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/08 19:19:02 | 000,199,680 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
MOD - [2011/10/17 02:39:20 | 002,295,296 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/17 02:39:16 | 000,997,888 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/17 02:31:17 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 02:31:08 | 001,840,640 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/17 02:30:47 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/17 02:30:32 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/17 02:30:25 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/17 02:30:22 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/17 02:30:11 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/17 02:30:05 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/17 02:30:02 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/17 02:30:01 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/17 02:29:52 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/19 15:59:10 | 001,000,920 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/08/18 07:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/04/19 12:49:23 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/09/11 10:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/09/11 10:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/09/11 10:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/09/11 10:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/08/21 08:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [1996/11/17 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/11/14 13:14:38 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2011/10/24 22:43:58 | 000,158,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/10/24 22:42:57 | 000,271,872 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 49 2B 98 15 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/15 14:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/10/08 14:12:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/10/30 19:03:53 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O1 HOSTS File: ([2011/11/14 13:14:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/14 13:19:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/14 12:52:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/14 12:52:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/14 12:52:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/14 12:52:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/14 12:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/14 12:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 19:12:46 | 000,584,192 | R--- | C] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/10/18 20:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\SL-SL
[2011/10/17 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/15 14:58:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 14:58:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 14:51:20 | 000,000,334 | ---- | M] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/15 14:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 14:50:07 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 18:28:19 | 000,166,409 | ---- | M] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/14 13:14:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/14 12:27:58 | 000,578,442 | ---- | M] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 14:36:52 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:44:16 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | M] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/17 02:24:36 | 000,422,112 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 02:02:33 | 000,740,374 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 02:02:33 | 000,624,178 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 02:02:33 | 000,106,522 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/15 14:51:20 | 000,000,334 | ---- | C] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/14 13:37:57 | 000,166,409 | ---- | C] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/14 12:52:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/14 12:52:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/14 12:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/14 12:52:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/14 12:52:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/14 12:27:58 | 000,578,442 | ---- | C] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/06 14:36:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:42:58 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | C] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
[2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2009/07/13 21:08:49 | 000,032,018 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 72.00% Memory free
7.92 Gb Paging File | 6.60 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 405.52 Gb Free Space | 89.90% Space Free | Partition Type: NTFS
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/08 19:19:09 | 004,114,432 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/11/08 19:19:02 | 000,199,680 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
PRC - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
PRC - [2011/11/06 21:56:15 | 001,052,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 09:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 07:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 09:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/08 19:19:02 | 000,199,680 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
MOD - [2011/10/17 02:39:20 | 002,295,296 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/17 02:39:16 | 000,997,888 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/17 02:31:17 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 02:31:08 | 001,840,640 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/17 02:30:47 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/17 02:30:32 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/17 02:30:25 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/17 02:30:22 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/17 02:30:11 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/17 02:30:05 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/17 02:30:02 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/17 02:30:01 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/17 02:29:52 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/19 15:59:10 | 001,000,920 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/08/18 07:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/04/19 12:49:23 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/09/11 10:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/09/11 10:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/09/11 10:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/09/11 10:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/08/21 08:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [1996/11/17 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/11/14 13:14:38 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2011/10/24 22:43:58 | 000,158,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/10/24 22:42:57 | 000,271,872 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 49 2B 98 15 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/15 14:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/10/08 14:12:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/10/30 19:03:53 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O1 HOSTS File: ([2011/11/14 13:14:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/14 13:19:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/14 12:52:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/14 12:52:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/14 12:52:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/14 12:52:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/14 12:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/14 12:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 19:12:46 | 000,584,192 | R--- | C] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/10/18 20:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\SL-SL
[2011/10/17 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/15 14:58:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 14:58:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 14:51:20 | 000,000,334 | ---- | M] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/15 14:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 14:50:07 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 18:28:19 | 000,166,409 | ---- | M] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/14 13:14:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/14 12:27:58 | 000,578,442 | ---- | M] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 14:36:52 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:44:16 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | M] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/17 02:24:36 | 000,422,112 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 02:02:33 | 000,740,374 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 02:02:33 | 000,624,178 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 02:02:33 | 000,106,522 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/15 14:51:20 | 000,000,334 | ---- | C] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/14 13:37:57 | 000,166,409 | ---- | C] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/14 12:52:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/14 12:52:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/14 12:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/14 12:52:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/14 12:52:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/14 12:27:58 | 000,578,442 | ---- | C] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/06 14:36:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:42:58 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | C] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
[2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2009/07/13 21:08:49 | 000,032,018 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
#18
Posted 16 November 2011 - 12:47 PM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
There are still some malware items that need removing, so we'll try another OTL fix, then we'll check to see if the ZeroAccess Rootkit was removed in the previous steps.
Please do the steps in the order they appear. If you can't do any of the steps, just take a note and move onto the next one
1)
Save the following file to your PC:
fix.txt 2.67KB
510 downloads
2)
Download the latest version of TDSSKiller from here and save it to your Desktop.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
3)
Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
In your next reply
Please post the contents of...
OTL log
TDSSKiller log
MBAM log
Please do the steps in the order they appear. If you can't do any of the steps, just take a note and move onto the next one
1)
Save the following file to your PC:
fix.txt 2.67KB
510 downloads- Open OTL
- Leave all the settings as they are and make sure the white box at the bottom of the OTL window is empty
- Now click Run Fix at the top
- Click OK on the message box that appears
- Navigate to the fix.txt file that you saved earlier and then select that file and click Open
- Now click the Run Fix button again and it should perform the fix
- Once it has finished and your PC reboots, open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button.
Post the log it produces in your next reply.
2)
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
3)
Please download Malwarebytes' Anti-Malware from Here.Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
In your next reply
Please post the contents of...
OTL log
TDSSKiller log
MBAM log
#19
Posted 18 November 2011 - 12:04 AM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
Sorry, thought I already did this last night.
All processes killed
========== OTL ==========
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledItems
Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 removed from extensions.enabledItems
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} not found.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385} folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml moved successfully.
C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe moved successfully.
File C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe not found.
C:\Users\Ellery\AppData\Local\wsr20zt32.dll moved successfully.
C:\Users\Ellery\AppData\Local\dfl20z32.dll moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Users\Ellery\Desktop\System Restore.lnk moved successfully.
C:\Users\Ellery\AppData\Local\2942080039 moved successfully.
C:\ProgramData\2942080039 moved successfully.
C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin moved successfully.
C:\Users\Ellery\AppData\Local\Qyujuwaru.dat moved successfully.
C:\Users\Ellery\AppData\Roaming\Imcuiqo folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Myo folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ellery\Desktop\cmd.bat deleted successfully.
C:\Users\Ellery\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ellery
->Temp folder emptied: 7415 bytes
->Temporary Internet Files folder emptied: 432130583 bytes
->Java cache emptied: 28863 bytes
->FireFox cache emptied: 55469102 bytes
->Flash cache emptied: 168994 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 743352 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25158 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66407 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 466.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Ellery
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 11162011_212519
Files\Folders moved on Reboot...
C:\Users\Ellery\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
And now here's Killer log:
21:23:42.0792 0532 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
21:23:43.0557 0532 ============================================================
21:23:43.0557 0532 Current date / time: 2011/11/17 21:23:43.0557
21:23:43.0557 0532 SystemInfo:
21:23:43.0557 0532
21:23:43.0557 0532 OS Version: 6.1.7600 ServicePack: 0.0
21:23:43.0557 0532 Product type: Workstation
21:23:43.0557 0532 ComputerName: ELLERY-PC
21:23:43.0557 0532 UserName: Ellery
21:23:43.0557 0532 Windows directory: C:\Windows
21:23:43.0557 0532 System windows directory: C:\Windows
21:23:43.0557 0532 Running under WOW64
21:23:43.0557 0532 Processor architecture: Intel x64
21:23:43.0557 0532 Number of processors: 2
21:23:43.0557 0532 Page size: 0x1000
21:23:43.0557 0532 Boot type: Normal boot
21:23:43.0557 0532 ============================================================
21:23:44.0040 0532 Initialize success
21:24:03.0556 2104 ============================================================
21:24:03.0556 2104 Scan started
21:24:03.0556 2104 Mode: Manual;
21:24:03.0556 2104 ============================================================
21:24:04.0258 2104 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:24:04.0258 2104 1394ohci - ok
21:24:04.0367 2104 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:24:04.0367 2104 ACPI - ok
21:24:04.0461 2104 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:24:04.0461 2104 AcpiPmi - ok
21:24:04.0586 2104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:24:04.0601 2104 adp94xx - ok
21:24:04.0726 2104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:24:04.0726 2104 adpahci - ok
21:24:04.0851 2104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:24:04.0851 2104 adpu320 - ok
21:24:04.0976 2104 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:24:05.0007 2104 AFD - ok
21:24:05.0132 2104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:24:05.0132 2104 agp440 - ok
21:24:05.0256 2104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:24:05.0256 2104 aliide - ok
21:24:05.0366 2104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:24:05.0366 2104 amdide - ok
21:24:05.0475 2104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:24:05.0475 2104 AmdK8 - ok
21:24:05.0553 2104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:24:05.0553 2104 AmdPPM - ok
21:24:05.0678 2104 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:24:05.0678 2104 amdsata - ok
21:24:05.0787 2104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:24:05.0787 2104 amdsbs - ok
21:24:05.0896 2104 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:24:05.0896 2104 amdxata - ok
21:24:05.0990 2104 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:24:05.0990 2104 AppID - ok
21:24:06.0130 2104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:24:06.0130 2104 arc - ok
21:24:06.0239 2104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:24:06.0239 2104 arcsas - ok
21:24:06.0348 2104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:06.0348 2104 AsyncMac - ok
21:24:06.0473 2104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:24:06.0473 2104 atapi - ok
21:24:06.0598 2104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:24:06.0614 2104 b06bdrv - ok
21:24:06.0738 2104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:06.0754 2104 b57nd60a - ok
21:24:06.0863 2104 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:24:06.0863 2104 BCM42RLY - ok
21:24:07.0035 2104 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:24:07.0050 2104 BCM43XX - ok
21:24:07.0175 2104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:24:07.0175 2104 Beep - ok
21:24:07.0206 2104 Scan interrupted by user!
21:24:07.0206 2104 Scan interrupted by user!
21:24:07.0206 2104 Scan interrupted by user!
21:24:07.0206 2104 ============================================================
21:24:07.0206 2104 Scan finished
21:24:07.0206 2104 ============================================================
21:24:07.0222 2448 Detected object count: 0
21:24:07.0222 2448 Actual detected object count: 0
21:24:44.0927 3364 ============================================================
21:24:44.0927 3364 Scan started
21:24:44.0927 3364 Mode: Manual; SigCheck; TDLFS;
21:24:44.0927 3364 ============================================================
21:24:45.0224 3364 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:24:45.0333 3364 1394ohci - ok
21:24:45.0427 3364 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:24:45.0458 3364 ACPI - ok
21:24:45.0505 3364 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:24:45.0598 3364 AcpiPmi - ok
21:24:45.0661 3364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:24:45.0692 3364 adp94xx - ok
21:24:45.0723 3364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:24:45.0739 3364 adpahci - ok
21:24:45.0785 3364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:24:45.0801 3364 adpu320 - ok
21:24:45.0879 3364 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:24:45.0941 3364 AFD - ok
21:24:45.0973 3364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:24:45.0988 3364 agp440 - ok
21:24:46.0004 3364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:24:46.0019 3364 aliide - ok
21:24:46.0019 3364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:24:46.0035 3364 amdide - ok
21:24:46.0082 3364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:24:46.0113 3364 AmdK8 - ok
21:24:46.0144 3364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:24:46.0191 3364 AmdPPM - ok
21:24:46.0207 3364 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:24:46.0222 3364 amdsata - ok
21:24:46.0269 3364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:24:46.0285 3364 amdsbs - ok
21:24:46.0316 3364 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:24:46.0331 3364 amdxata - ok
21:24:46.0347 3364 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:24:46.0456 3364 AppID - ok
21:24:46.0487 3364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:24:46.0503 3364 arc - ok
21:24:46.0519 3364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:24:46.0534 3364 arcsas - ok
21:24:46.0550 3364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:46.0706 3364 AsyncMac - ok
21:24:46.0737 3364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:24:46.0753 3364 atapi - ok
21:24:46.0784 3364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:24:46.0877 3364 b06bdrv - ok
21:24:46.0893 3364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:46.0940 3364 b57nd60a - ok
21:24:46.0987 3364 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:24:47.0018 3364 BCM42RLY - ok
21:24:47.0111 3364 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:24:47.0158 3364 BCM43XX - ok
21:24:47.0205 3364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:24:47.0252 3364 Beep - ok
21:24:47.0299 3364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:24:47.0314 3364 blbdrive - ok
21:24:47.0377 3364 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:24:47.0423 3364 bowser - ok
21:24:47.0455 3364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:24:47.0486 3364 BrFiltLo - ok
21:24:47.0501 3364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:24:47.0517 3364 BrFiltUp - ok
21:24:47.0548 3364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:24:47.0595 3364 Brserid - ok
21:24:47.0657 3364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:24:47.0720 3364 BrSerWdm - ok
21:24:47.0845 3364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:24:47.0907 3364 BrUsbMdm - ok
21:24:47.0954 3364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:24:47.0985 3364 BrUsbSer - ok
21:24:48.0032 3364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:24:48.0063 3364 BTHMODEM - ok
21:24:48.0203 3364 catchme - ok
21:24:48.0313 3364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:24:48.0375 3364 cdfs - ok
21:24:48.0422 3364 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:24:48.0437 3364 cdrom - ok
21:24:48.0500 3364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:24:48.0531 3364 circlass - ok
21:24:48.0578 3364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:24:48.0593 3364 CLFS - ok
21:24:48.0687 3364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:48.0718 3364 CmBatt - ok
21:24:48.0734 3364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:24:48.0749 3364 cmdide - ok
21:24:48.0781 3364 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:24:48.0859 3364 CNG - ok
21:24:48.0968 3364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:24:48.0983 3364 Compbatt - ok
21:24:49.0015 3364 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:24:49.0046 3364 CompositeBus - ok
21:24:49.0108 3364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:24:49.0108 3364 crcdisk - ok
21:24:49.0171 3364 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:24:49.0217 3364 CtClsFlt - ok
21:24:49.0327 3364 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:24:49.0358 3364 DfsC - ok
21:24:49.0420 3364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:24:49.0483 3364 discache - ok
21:24:49.0545 3364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:24:49.0561 3364 Disk - ok
21:24:49.0639 3364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:24:49.0685 3364 drmkaud - ok
21:24:49.0732 3364 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:24:49.0763 3364 DXGKrnl - ok
21:24:49.0857 3364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:24:49.0982 3364 ebdrv - ok
21:24:50.0122 3364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:24:50.0153 3364 elxstor - ok
21:24:50.0200 3364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:24:50.0263 3364 ErrDev - ok
21:24:50.0372 3364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:24:50.0450 3364 exfat - ok
21:24:50.0465 3364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:24:50.0528 3364 fastfat - ok
21:24:50.0559 3364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:24:50.0590 3364 fdc - ok
21:24:50.0621 3364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:24:50.0621 3364 FileInfo - ok
21:24:50.0653 3364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:24:50.0731 3364 Filetrace - ok
21:24:50.0762 3364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:24:50.0809 3364 flpydisk - ok
21:24:50.0840 3364 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:24:50.0855 3364 FltMgr - ok
21:24:50.0887 3364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:24:50.0902 3364 FsDepends - ok
21:24:50.0918 3364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:24:50.0918 3364 Fs_Rec - ok
21:24:50.0980 3364 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:24:50.0996 3364 fvevol - ok
21:24:51.0027 3364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:24:51.0043 3364 gagp30kx - ok
21:24:51.0105 3364 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:24:51.0121 3364 GEARAspiWDM - ok
21:24:51.0167 3364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:24:51.0245 3364 hcw85cir - ok
21:24:51.0292 3364 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:24:51.0339 3364 HDAudBus - ok
21:24:51.0370 3364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:24:51.0401 3364 HidBatt - ok
21:24:51.0417 3364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:24:51.0464 3364 HidBth - ok
21:24:51.0479 3364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:24:51.0526 3364 HidIr - ok
21:24:51.0542 3364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:24:51.0557 3364 HidUsb - ok
21:24:51.0604 3364 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:24:51.0620 3364 HpSAMD - ok
21:24:51.0667 3364 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:24:51.0729 3364 HTTP - ok
21:24:51.0745 3364 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:24:51.0760 3364 hwpolicy - ok
21:24:51.0807 3364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:24:51.0838 3364 i8042prt - ok
21:24:51.0869 3364 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:24:51.0885 3364 iaStor - ok
21:24:51.0963 3364 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:24:51.0994 3364 iaStorV - ok
21:24:52.0197 3364 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:24:52.0447 3364 igfx - ok
21:24:52.0556 3364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:24:52.0571 3364 iirsp - ok
21:24:52.0618 3364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:24:52.0634 3364 intelide - ok
21:24:52.0681 3364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:24:52.0712 3364 intelppm - ok
21:24:52.0759 3364 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:24:52.0805 3364 IpFilterDriver - ok
21:24:52.0821 3364 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:24:52.0852 3364 IPMIDRV - ok
21:24:52.0883 3364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:24:52.0930 3364 IPNAT - ok
21:24:52.0961 3364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:24:53.0039 3364 IRENUM - ok
21:24:53.0055 3364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:24:53.0071 3364 isapnp - ok
21:24:53.0102 3364 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:24:53.0102 3364 iScsiPrt - ok
21:24:53.0164 3364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:24:53.0180 3364 kbdclass - ok
21:24:53.0227 3364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:24:53.0258 3364 kbdhid - ok
21:24:53.0273 3364 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:24:53.0289 3364 KSecDD - ok
21:24:53.0320 3364 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:24:53.0336 3364 KSecPkg - ok
21:24:53.0367 3364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:24:53.0414 3364 ksthunk - ok
21:24:53.0461 3364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:24:53.0507 3364 lltdio - ok
21:24:53.0539 3364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:24:53.0554 3364 LSI_FC - ok
21:24:53.0585 3364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:24:53.0601 3364 LSI_SAS - ok
21:24:53.0632 3364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:24:53.0632 3364 LSI_SAS2 - ok
21:24:53.0663 3364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:24:53.0679 3364 LSI_SCSI - ok
21:24:53.0710 3364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:24:53.0773 3364 luafv - ok
21:24:53.0804 3364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:24:53.0819 3364 megasas - ok
21:24:53.0851 3364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:24:53.0866 3364 MegaSR - ok
21:24:53.0897 3364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:24:53.0944 3364 Modem - ok
21:24:53.0975 3364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:24:54.0007 3364 monitor - ok
21:24:54.0038 3364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:24:54.0053 3364 mouclass - ok
21:24:54.0069 3364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:24:54.0085 3364 mouhid - ok
21:24:54.0100 3364 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:24:54.0116 3364 mountmgr - ok
21:24:54.0131 3364 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:24:54.0147 3364 mpio - ok
21:24:54.0178 3364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:24:54.0225 3364 mpsdrv - ok
21:24:54.0256 3364 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:24:54.0287 3364 MRxDAV - ok
21:24:54.0334 3364 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:24:54.0381 3364 mrxsmb - ok
21:24:54.0428 3364 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:24:54.0459 3364 mrxsmb10 - ok
21:24:54.0475 3364 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:24:54.0490 3364 mrxsmb20 - ok
21:24:54.0521 3364 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:24:54.0537 3364 msahci - ok
21:24:54.0553 3364 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:24:54.0568 3364 msdsm - ok
21:24:54.0599 3364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:24:54.0646 3364 Msfs - ok
21:24:54.0662 3364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:24:54.0740 3364 mshidkmdf - ok
21:24:54.0755 3364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:24:54.0771 3364 msisadrv - ok
21:24:54.0802 3364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:24:54.0849 3364 MSKSSRV - ok
21:24:54.0880 3364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:24:54.0943 3364 MSPCLOCK - ok
21:24:54.0958 3364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:24:55.0005 3364 MSPQM - ok
21:24:55.0021 3364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:24:55.0036 3364 MsRPC - ok
21:24:55.0067 3364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:24:55.0083 3364 mssmbios - ok
21:24:55.0099 3364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:24:55.0145 3364 MSTEE - ok
21:24:55.0161 3364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:24:55.0177 3364 MTConfig - ok
21:24:55.0223 3364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:24:55.0239 3364 Mup - ok
21:24:55.0301 3364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:24:55.0348 3364 NativeWifiP - ok
21:24:55.0411 3364 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:24:55.0457 3364 NDIS - ok
21:24:55.0473 3364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:24:55.0520 3364 NdisCap - ok
21:24:55.0551 3364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:24:55.0598 3364 NdisTapi - ok
21:24:55.0629 3364 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:24:55.0691 3364 Ndisuio - ok
21:24:55.0707 3364 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:24:55.0769 3364 NdisWan - ok
21:24:55.0801 3364 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:24:55.0847 3364 NDProxy - ok
21:24:55.0879 3364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:24:55.0910 3364 NetBIOS - ok
21:24:55.0925 3364 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:24:56.0003 3364 NetBT - ok
21:24:56.0050 3364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:24:56.0066 3364 nfrd960 - ok
21:24:56.0097 3364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:24:56.0144 3364 Npfs - ok
21:24:56.0159 3364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:24:56.0206 3364 nsiproxy - ok
21:24:56.0284 3364 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:24:56.0362 3364 Ntfs - ok
21:24:56.0487 3364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:24:56.0549 3364 Null - ok
21:24:56.0612 3364 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:24:56.0643 3364 nvraid - ok
21:24:56.0674 3364 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:24:56.0705 3364 nvstor - ok
21:24:56.0752 3364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:24:56.0768 3364 nv_agp - ok
21:24:56.0783 3364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:24:56.0815 3364 ohci1394 - ok
21:24:56.0939 3364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:24:56.0955 3364 Parport - ok
21:24:56.0986 3364 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:24:57.0002 3364 partmgr - ok
21:24:57.0017 3364 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:24:57.0033 3364 pci - ok
21:24:57.0064 3364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:24:57.0064 3364 pciide - ok
21:24:57.0080 3364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:24:57.0095 3364 pcmcia - ok
21:24:57.0127 3364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:24:57.0127 3364 pcw - ok
21:24:57.0158 3364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:24:57.0220 3364 PEAUTH - ok
21:24:57.0283 3364 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:24:57.0361 3364 PptpMiniport - ok
21:24:57.0376 3364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:24:57.0407 3364 Processor - ok
21:24:57.0454 3364 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:24:57.0517 3364 Psched - ok
21:24:57.0563 3364 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:24:57.0579 3364 PxHlpa64 - ok
21:24:57.0641 3364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:24:57.0719 3364 ql2300 - ok
21:24:57.0735 3364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:24:57.0751 3364 ql40xx - ok
21:24:57.0782 3364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:24:57.0813 3364 QWAVEdrv - ok
21:24:57.0829 3364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:24:57.0875 3364 RasAcd - ok
21:24:57.0907 3364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:24:57.0985 3364 RasAgileVpn - ok
21:24:58.0031 3364 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:58.0094 3364 Rasl2tp - ok
21:24:58.0125 3364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:58.0203 3364 RasPppoe - ok
21:24:58.0219 3364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:24:58.0281 3364 RasSstp - ok
21:24:58.0312 3364 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:24:58.0359 3364 rdbss - ok
21:24:58.0390 3364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:24:58.0421 3364 rdpbus - ok
21:24:58.0437 3364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:58.0515 3364 RDPCDD - ok
21:24:58.0546 3364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:24:58.0609 3364 RDPENCDD - ok
21:24:58.0640 3364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:24:58.0671 3364 RDPREFMP - ok
21:24:58.0702 3364 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:24:58.0749 3364 RDPWD - ok
21:24:58.0780 3364 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:24:58.0811 3364 rdyboost - ok
21:24:58.0874 3364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:24:58.0936 3364 rspndr - ok
21:24:58.0967 3364 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
21:24:59.0014 3364 RSUSBSTOR - ok
21:24:59.0061 3364 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:24:59.0077 3364 sbp2port - ok
21:24:59.0108 3364 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:24:59.0155 3364 scfilter - ok
21:24:59.0201 3364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:24:59.0279 3364 secdrv - ok
21:24:59.0311 3364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:24:59.0342 3364 Serenum - ok
21:24:59.0373 3364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:24:59.0389 3364 Serial - ok
21:24:59.0404 3364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:24:59.0435 3364 sermouse - ok
21:24:59.0467 3364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:24:59.0498 3364 sffdisk - ok
21:24:59.0513 3364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:24:59.0545 3364 sffp_mmc - ok
21:24:59.0576 3364 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:24:59.0591 3364 sffp_sd - ok
21:24:59.0623 3364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:24:59.0638 3364 sfloppy - ok
21:24:59.0685 3364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:24:59.0701 3364 SiSRaid2 - ok
21:24:59.0716 3364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:24:59.0732 3364 SiSRaid4 - ok
21:24:59.0763 3364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:24:59.0810 3364 Smb - ok
21:24:59.0841 3364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:24:59.0857 3364 spldr - ok
21:24:59.0903 3364 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:24:59.0981 3364 srv - ok
21:25:00.0028 3364 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:25:00.0075 3364 srv2 - ok
21:25:00.0106 3364 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:25:00.0153 3364 srvnet - ok
21:25:00.0215 3364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:25:00.0231 3364 stexstor - ok
21:25:00.0293 3364 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
21:25:00.0371 3364 STHDA - ok
21:25:00.0403 3364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:25:00.0418 3364 swenum - ok
21:25:00.0465 3364 SynTP (3178b56219e0e4fb5f95299e49b83b44) C:\Windows\system32\DRIVERS\SynTP.sys
21:25:00.0496 3364 SynTP - ok
21:25:00.0590 3364 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
21:25:00.0637 3364 Tcpip - ok
21:25:00.0683 3364 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
21:25:00.0730 3364 TCPIP6 - ok
21:25:00.0777 3364 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:25:00.0824 3364 tcpipreg - ok
21:25:00.0855 3364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:25:00.0902 3364 TDPIPE - ok
21:25:00.0917 3364 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:25:00.0964 3364 TDTCP - ok
21:25:00.0995 3364 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:25:01.0042 3364 tdx - ok
21:25:01.0058 3364 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:25:01.0073 3364 TermDD - ok
21:25:01.0120 3364 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:01.0167 3364 tssecsrv - ok
21:25:01.0198 3364 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:25:01.0276 3364 tunnel - ok
21:25:01.0292 3364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:25:01.0307 3364 uagp35 - ok
21:25:01.0323 3364 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:25:01.0385 3364 udfs - ok
21:25:01.0417 3364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:25:01.0417 3364 uliagpkx - ok
21:25:01.0463 3364 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:25:01.0495 3364 umbus - ok
21:25:01.0526 3364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:25:01.0557 3364 UmPass - ok
21:25:01.0604 3364 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
21:25:01.0635 3364 USBAAPL64 - ok
21:25:01.0666 3364 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:01.0713 3364 usbccgp - ok
21:25:01.0744 3364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:25:01.0791 3364 usbcir - ok
21:25:01.0822 3364 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:25:01.0853 3364 usbehci - ok
21:25:01.0900 3364 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:25:01.0947 3364 usbhub - ok
21:25:01.0978 3364 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:25:02.0009 3364 usbohci - ok
21:25:02.0041 3364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:25:02.0072 3364 usbprint - ok
21:25:02.0103 3364 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:02.0165 3364 USBSTOR - ok
21:25:02.0197 3364 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:25:02.0228 3364 usbuhci - ok
21:25:02.0275 3364 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:25:02.0321 3364 usbvideo - ok
21:25:02.0384 3364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:25:02.0415 3364 vdrvroot - ok
21:25:02.0446 3364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:02.0462 3364 vga - ok
21:25:02.0493 3364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:25:02.0540 3364 VgaSave - ok
21:25:02.0571 3364 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:25:02.0602 3364 vhdmp - ok
21:25:02.0618 3364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:25:02.0633 3364 viaide - ok
21:25:02.0665 3364 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:25:02.0680 3364 volmgr - ok
21:25:02.0711 3364 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:25:02.0727 3364 volmgrx - ok
21:25:02.0743 3364 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:25:02.0758 3364 volsnap - ok
21:25:02.0805 3364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:25:02.0821 3364 vsmraid - ok
21:25:02.0836 3364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:25:02.0867 3364 vwifibus - ok
21:25:02.0899 3364 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:25:02.0930 3364 vwififlt - ok
21:25:02.0977 3364 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:25:02.0992 3364 vwifimp - ok
21:25:03.0023 3364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:25:03.0039 3364 WacomPen - ok
21:25:03.0070 3364 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:03.0133 3364 WANARP - ok
21:25:03.0148 3364 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:03.0179 3364 Wanarpv6 - ok
21:25:03.0242 3364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:25:03.0242 3364 Wd - ok
21:25:03.0289 3364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:25:03.0320 3364 Wdf01000 - ok
21:25:03.0367 3364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:25:03.0413 3364 WfpLwf - ok
21:25:03.0460 3364 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:25:03.0476 3364 WimFltr - ok
21:25:03.0491 3364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:25:03.0507 3364 WIMMount - ok
21:25:03.0585 3364 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:25:03.0632 3364 WinUsb - ok
21:25:03.0694 3364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:25:03.0741 3364 WmiAcpi - ok
21:25:03.0803 3364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:25:03.0835 3364 ws2ifsl - ok
21:25:03.0881 3364 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:25:03.0959 3364 WudfPf - ok
21:25:03.0991 3364 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:04.0037 3364 WUDFRd - ok
21:25:04.0115 3364 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
21:25:04.0162 3364 yukonw7 - ok
21:25:04.0209 3364 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:25:04.0318 3364 \Device\Harddisk0\DR0 - ok
21:25:04.0318 3364 Boot (0x1200) (7d7e913d179f799e6349caecf13a8b2e) \Device\Harddisk0\DR0\Partition0
21:25:04.0318 3364 \Device\Harddisk0\DR0\Partition0 - ok
21:25:04.0349 3364 Boot (0x1200) (49cc63fe7514fd0787d61ea594a98558) \Device\Harddisk0\DR0\Partition1
21:25:04.0349 3364 \Device\Harddisk0\DR0\Partition1 - ok
21:25:04.0349 3364 ============================================================
21:25:04.0349 3364 Scan finished
21:25:04.0349 3364 ============================================================
21:25:04.0381 2664 Detected object count: 0
21:25:04.0381 2664 Actual detected object count: 0
21:25:32.0835 3160 Deinitialize success
and here's the MBAM log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8186
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/17/2011 9:33:14 PM
mbam-log-2011-11-17 (21-33-14).txt
Scan type: Quick scan
Objects scanned: 183334
Time elapsed: 2 minute(s), 22 second(s)
Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28
Memory Processes Infected:
c:\program files\Dell\DellDock\docklogin.exe (Virus.Expiro) -> 832 -> Unloaded process successfully.
c:\program files (x86)\common files\Apple\mobile device support\applemobiledeviceservice.exe (Virus.Expiro) -> 1592 -> Unloaded process successfully.
c:\program files (x86)\Bonjour\mdnsresponder.exe (Virus.Expiro) -> 1664 -> Unloaded process successfully.
c:\program files (x86)\common files\microsoft shared\source engine\OSE.EXE (Virus.Expiro) -> 1104 -> Unloaded process successfully.
c:\program files (x86)\microsoft\search enhancement pack\SeaPort\SeaPort.exe (Virus.Expiro) -> 1056 -> Unloaded process successfully.
c:\program files (x86)\microsoft office\Office\OSA.EXE (Virus.Expiro) -> 2860 -> Unloaded process successfully.
c:\program files (x86)\mozilla firefox\firefox.exe (Virus.Expiro) -> 2976 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DockLoginService (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apple Mobile Device (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F2CEAF26-7FC8-4CA9-822D-0B6AAD6C1991} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D7B8A861-86AF-4854-8D92-087C78D0B609} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeaPort (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_32 (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odserv (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6C39E6C6-BF68-49AD-8F24-E1E84C6D8F06} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E1B2278-D7D9-4C62-8540-359360B5E476} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GameConsoleService (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GoToAssist (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gusvc (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IAANTMON (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Office Groove Audit Service (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906 (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEINSTAL.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE\OSA.EXE (Virus.Expiro) -> Value: OSA.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aim (Virus.Expiro) -> Value: Aim -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\Dell\DellDock\docklogin.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\Apple\mobile device support\applemobiledeviceservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Bonjour\mdnsresponder.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\source engine\OSE.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\microsoft\search enhancement pack\SeaPort\SeaPort.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\microsoft office\Office\OSA.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\firefox.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\AIM\aim.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\OFFICE12\ODSERV.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\wildtangent\dell games\dell game console\gameconsoleservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Citrix\gotoassist\514\g2aservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Google\Common\google updater\googleupdaterservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Intel\intel matrix storage manager\IAANTmon.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\microsoft office\Office12\grooveauditservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\System32\msiexec.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\System32\searchindexer.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\MSInfo\msinfo32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\internet explorer\extexport.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\internet explorer\ieinstal.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\internet explorer\ielowutil.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\System32\srrstr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\msiexec.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\searchindexer.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\srrstr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ellery\downloads\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Ellery\downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
All processes killed
========== OTL ==========
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledItems
Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 removed from extensions.enabledItems
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} not found.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385} folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml moved successfully.
C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe moved successfully.
File C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe not found.
C:\Users\Ellery\AppData\Local\wsr20zt32.dll moved successfully.
C:\Users\Ellery\AppData\Local\dfl20z32.dll moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Users\Ellery\Desktop\System Restore.lnk moved successfully.
C:\Users\Ellery\AppData\Local\2942080039 moved successfully.
C:\ProgramData\2942080039 moved successfully.
C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin moved successfully.
C:\Users\Ellery\AppData\Local\Qyujuwaru.dat moved successfully.
C:\Users\Ellery\AppData\Roaming\Imcuiqo folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Myo folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ellery\Desktop\cmd.bat deleted successfully.
C:\Users\Ellery\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ellery
->Temp folder emptied: 7415 bytes
->Temporary Internet Files folder emptied: 432130583 bytes
->Java cache emptied: 28863 bytes
->FireFox cache emptied: 55469102 bytes
->Flash cache emptied: 168994 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 743352 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25158 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66407 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 466.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Ellery
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 11162011_212519
Files\Folders moved on Reboot...
C:\Users\Ellery\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
And now here's Killer log:
21:23:42.0792 0532 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
21:23:43.0557 0532 ============================================================
21:23:43.0557 0532 Current date / time: 2011/11/17 21:23:43.0557
21:23:43.0557 0532 SystemInfo:
21:23:43.0557 0532
21:23:43.0557 0532 OS Version: 6.1.7600 ServicePack: 0.0
21:23:43.0557 0532 Product type: Workstation
21:23:43.0557 0532 ComputerName: ELLERY-PC
21:23:43.0557 0532 UserName: Ellery
21:23:43.0557 0532 Windows directory: C:\Windows
21:23:43.0557 0532 System windows directory: C:\Windows
21:23:43.0557 0532 Running under WOW64
21:23:43.0557 0532 Processor architecture: Intel x64
21:23:43.0557 0532 Number of processors: 2
21:23:43.0557 0532 Page size: 0x1000
21:23:43.0557 0532 Boot type: Normal boot
21:23:43.0557 0532 ============================================================
21:23:44.0040 0532 Initialize success
21:24:03.0556 2104 ============================================================
21:24:03.0556 2104 Scan started
21:24:03.0556 2104 Mode: Manual;
21:24:03.0556 2104 ============================================================
21:24:04.0258 2104 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:24:04.0258 2104 1394ohci - ok
21:24:04.0367 2104 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:24:04.0367 2104 ACPI - ok
21:24:04.0461 2104 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:24:04.0461 2104 AcpiPmi - ok
21:24:04.0586 2104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:24:04.0601 2104 adp94xx - ok
21:24:04.0726 2104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:24:04.0726 2104 adpahci - ok
21:24:04.0851 2104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:24:04.0851 2104 adpu320 - ok
21:24:04.0976 2104 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:24:05.0007 2104 AFD - ok
21:24:05.0132 2104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:24:05.0132 2104 agp440 - ok
21:24:05.0256 2104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:24:05.0256 2104 aliide - ok
21:24:05.0366 2104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:24:05.0366 2104 amdide - ok
21:24:05.0475 2104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:24:05.0475 2104 AmdK8 - ok
21:24:05.0553 2104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:24:05.0553 2104 AmdPPM - ok
21:24:05.0678 2104 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:24:05.0678 2104 amdsata - ok
21:24:05.0787 2104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:24:05.0787 2104 amdsbs - ok
21:24:05.0896 2104 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:24:05.0896 2104 amdxata - ok
21:24:05.0990 2104 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:24:05.0990 2104 AppID - ok
21:24:06.0130 2104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:24:06.0130 2104 arc - ok
21:24:06.0239 2104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:24:06.0239 2104 arcsas - ok
21:24:06.0348 2104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:06.0348 2104 AsyncMac - ok
21:24:06.0473 2104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:24:06.0473 2104 atapi - ok
21:24:06.0598 2104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:24:06.0614 2104 b06bdrv - ok
21:24:06.0738 2104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:06.0754 2104 b57nd60a - ok
21:24:06.0863 2104 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:24:06.0863 2104 BCM42RLY - ok
21:24:07.0035 2104 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:24:07.0050 2104 BCM43XX - ok
21:24:07.0175 2104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:24:07.0175 2104 Beep - ok
21:24:07.0206 2104 Scan interrupted by user!
21:24:07.0206 2104 Scan interrupted by user!
21:24:07.0206 2104 Scan interrupted by user!
21:24:07.0206 2104 ============================================================
21:24:07.0206 2104 Scan finished
21:24:07.0206 2104 ============================================================
21:24:07.0222 2448 Detected object count: 0
21:24:07.0222 2448 Actual detected object count: 0
21:24:44.0927 3364 ============================================================
21:24:44.0927 3364 Scan started
21:24:44.0927 3364 Mode: Manual; SigCheck; TDLFS;
21:24:44.0927 3364 ============================================================
21:24:45.0224 3364 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:24:45.0333 3364 1394ohci - ok
21:24:45.0427 3364 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:24:45.0458 3364 ACPI - ok
21:24:45.0505 3364 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:24:45.0598 3364 AcpiPmi - ok
21:24:45.0661 3364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:24:45.0692 3364 adp94xx - ok
21:24:45.0723 3364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:24:45.0739 3364 adpahci - ok
21:24:45.0785 3364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:24:45.0801 3364 adpu320 - ok
21:24:45.0879 3364 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:24:45.0941 3364 AFD - ok
21:24:45.0973 3364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:24:45.0988 3364 agp440 - ok
21:24:46.0004 3364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:24:46.0019 3364 aliide - ok
21:24:46.0019 3364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:24:46.0035 3364 amdide - ok
21:24:46.0082 3364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:24:46.0113 3364 AmdK8 - ok
21:24:46.0144 3364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:24:46.0191 3364 AmdPPM - ok
21:24:46.0207 3364 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:24:46.0222 3364 amdsata - ok
21:24:46.0269 3364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:24:46.0285 3364 amdsbs - ok
21:24:46.0316 3364 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:24:46.0331 3364 amdxata - ok
21:24:46.0347 3364 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:24:46.0456 3364 AppID - ok
21:24:46.0487 3364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:24:46.0503 3364 arc - ok
21:24:46.0519 3364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:24:46.0534 3364 arcsas - ok
21:24:46.0550 3364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:46.0706 3364 AsyncMac - ok
21:24:46.0737 3364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:24:46.0753 3364 atapi - ok
21:24:46.0784 3364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:24:46.0877 3364 b06bdrv - ok
21:24:46.0893 3364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:46.0940 3364 b57nd60a - ok
21:24:46.0987 3364 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:24:47.0018 3364 BCM42RLY - ok
21:24:47.0111 3364 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:24:47.0158 3364 BCM43XX - ok
21:24:47.0205 3364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:24:47.0252 3364 Beep - ok
21:24:47.0299 3364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:24:47.0314 3364 blbdrive - ok
21:24:47.0377 3364 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:24:47.0423 3364 bowser - ok
21:24:47.0455 3364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:24:47.0486 3364 BrFiltLo - ok
21:24:47.0501 3364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:24:47.0517 3364 BrFiltUp - ok
21:24:47.0548 3364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:24:47.0595 3364 Brserid - ok
21:24:47.0657 3364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:24:47.0720 3364 BrSerWdm - ok
21:24:47.0845 3364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:24:47.0907 3364 BrUsbMdm - ok
21:24:47.0954 3364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:24:47.0985 3364 BrUsbSer - ok
21:24:48.0032 3364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:24:48.0063 3364 BTHMODEM - ok
21:24:48.0203 3364 catchme - ok
21:24:48.0313 3364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:24:48.0375 3364 cdfs - ok
21:24:48.0422 3364 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:24:48.0437 3364 cdrom - ok
21:24:48.0500 3364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:24:48.0531 3364 circlass - ok
21:24:48.0578 3364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:24:48.0593 3364 CLFS - ok
21:24:48.0687 3364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:48.0718 3364 CmBatt - ok
21:24:48.0734 3364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:24:48.0749 3364 cmdide - ok
21:24:48.0781 3364 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:24:48.0859 3364 CNG - ok
21:24:48.0968 3364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:24:48.0983 3364 Compbatt - ok
21:24:49.0015 3364 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:24:49.0046 3364 CompositeBus - ok
21:24:49.0108 3364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:24:49.0108 3364 crcdisk - ok
21:24:49.0171 3364 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:24:49.0217 3364 CtClsFlt - ok
21:24:49.0327 3364 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:24:49.0358 3364 DfsC - ok
21:24:49.0420 3364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:24:49.0483 3364 discache - ok
21:24:49.0545 3364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:24:49.0561 3364 Disk - ok
21:24:49.0639 3364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:24:49.0685 3364 drmkaud - ok
21:24:49.0732 3364 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:24:49.0763 3364 DXGKrnl - ok
21:24:49.0857 3364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:24:49.0982 3364 ebdrv - ok
21:24:50.0122 3364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:24:50.0153 3364 elxstor - ok
21:24:50.0200 3364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:24:50.0263 3364 ErrDev - ok
21:24:50.0372 3364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:24:50.0450 3364 exfat - ok
21:24:50.0465 3364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:24:50.0528 3364 fastfat - ok
21:24:50.0559 3364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:24:50.0590 3364 fdc - ok
21:24:50.0621 3364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:24:50.0621 3364 FileInfo - ok
21:24:50.0653 3364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:24:50.0731 3364 Filetrace - ok
21:24:50.0762 3364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:24:50.0809 3364 flpydisk - ok
21:24:50.0840 3364 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:24:50.0855 3364 FltMgr - ok
21:24:50.0887 3364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:24:50.0902 3364 FsDepends - ok
21:24:50.0918 3364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:24:50.0918 3364 Fs_Rec - ok
21:24:50.0980 3364 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:24:50.0996 3364 fvevol - ok
21:24:51.0027 3364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:24:51.0043 3364 gagp30kx - ok
21:24:51.0105 3364 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:24:51.0121 3364 GEARAspiWDM - ok
21:24:51.0167 3364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:24:51.0245 3364 hcw85cir - ok
21:24:51.0292 3364 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:24:51.0339 3364 HDAudBus - ok
21:24:51.0370 3364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:24:51.0401 3364 HidBatt - ok
21:24:51.0417 3364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:24:51.0464 3364 HidBth - ok
21:24:51.0479 3364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:24:51.0526 3364 HidIr - ok
21:24:51.0542 3364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:24:51.0557 3364 HidUsb - ok
21:24:51.0604 3364 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:24:51.0620 3364 HpSAMD - ok
21:24:51.0667 3364 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:24:51.0729 3364 HTTP - ok
21:24:51.0745 3364 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:24:51.0760 3364 hwpolicy - ok
21:24:51.0807 3364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:24:51.0838 3364 i8042prt - ok
21:24:51.0869 3364 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:24:51.0885 3364 iaStor - ok
21:24:51.0963 3364 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:24:51.0994 3364 iaStorV - ok
21:24:52.0197 3364 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:24:52.0447 3364 igfx - ok
21:24:52.0556 3364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:24:52.0571 3364 iirsp - ok
21:24:52.0618 3364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:24:52.0634 3364 intelide - ok
21:24:52.0681 3364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:24:52.0712 3364 intelppm - ok
21:24:52.0759 3364 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:24:52.0805 3364 IpFilterDriver - ok
21:24:52.0821 3364 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:24:52.0852 3364 IPMIDRV - ok
21:24:52.0883 3364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:24:52.0930 3364 IPNAT - ok
21:24:52.0961 3364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:24:53.0039 3364 IRENUM - ok
21:24:53.0055 3364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:24:53.0071 3364 isapnp - ok
21:24:53.0102 3364 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:24:53.0102 3364 iScsiPrt - ok
21:24:53.0164 3364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:24:53.0180 3364 kbdclass - ok
21:24:53.0227 3364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:24:53.0258 3364 kbdhid - ok
21:24:53.0273 3364 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:24:53.0289 3364 KSecDD - ok
21:24:53.0320 3364 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:24:53.0336 3364 KSecPkg - ok
21:24:53.0367 3364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:24:53.0414 3364 ksthunk - ok
21:24:53.0461 3364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:24:53.0507 3364 lltdio - ok
21:24:53.0539 3364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:24:53.0554 3364 LSI_FC - ok
21:24:53.0585 3364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:24:53.0601 3364 LSI_SAS - ok
21:24:53.0632 3364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:24:53.0632 3364 LSI_SAS2 - ok
21:24:53.0663 3364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:24:53.0679 3364 LSI_SCSI - ok
21:24:53.0710 3364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:24:53.0773 3364 luafv - ok
21:24:53.0804 3364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:24:53.0819 3364 megasas - ok
21:24:53.0851 3364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:24:53.0866 3364 MegaSR - ok
21:24:53.0897 3364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:24:53.0944 3364 Modem - ok
21:24:53.0975 3364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:24:54.0007 3364 monitor - ok
21:24:54.0038 3364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:24:54.0053 3364 mouclass - ok
21:24:54.0069 3364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:24:54.0085 3364 mouhid - ok
21:24:54.0100 3364 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:24:54.0116 3364 mountmgr - ok
21:24:54.0131 3364 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:24:54.0147 3364 mpio - ok
21:24:54.0178 3364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:24:54.0225 3364 mpsdrv - ok
21:24:54.0256 3364 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:24:54.0287 3364 MRxDAV - ok
21:24:54.0334 3364 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:24:54.0381 3364 mrxsmb - ok
21:24:54.0428 3364 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:24:54.0459 3364 mrxsmb10 - ok
21:24:54.0475 3364 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:24:54.0490 3364 mrxsmb20 - ok
21:24:54.0521 3364 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:24:54.0537 3364 msahci - ok
21:24:54.0553 3364 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:24:54.0568 3364 msdsm - ok
21:24:54.0599 3364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:24:54.0646 3364 Msfs - ok
21:24:54.0662 3364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:24:54.0740 3364 mshidkmdf - ok
21:24:54.0755 3364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:24:54.0771 3364 msisadrv - ok
21:24:54.0802 3364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:24:54.0849 3364 MSKSSRV - ok
21:24:54.0880 3364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:24:54.0943 3364 MSPCLOCK - ok
21:24:54.0958 3364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:24:55.0005 3364 MSPQM - ok
21:24:55.0021 3364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:24:55.0036 3364 MsRPC - ok
21:24:55.0067 3364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:24:55.0083 3364 mssmbios - ok
21:24:55.0099 3364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:24:55.0145 3364 MSTEE - ok
21:24:55.0161 3364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:24:55.0177 3364 MTConfig - ok
21:24:55.0223 3364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:24:55.0239 3364 Mup - ok
21:24:55.0301 3364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:24:55.0348 3364 NativeWifiP - ok
21:24:55.0411 3364 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:24:55.0457 3364 NDIS - ok
21:24:55.0473 3364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:24:55.0520 3364 NdisCap - ok
21:24:55.0551 3364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:24:55.0598 3364 NdisTapi - ok
21:24:55.0629 3364 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:24:55.0691 3364 Ndisuio - ok
21:24:55.0707 3364 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:24:55.0769 3364 NdisWan - ok
21:24:55.0801 3364 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:24:55.0847 3364 NDProxy - ok
21:24:55.0879 3364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:24:55.0910 3364 NetBIOS - ok
21:24:55.0925 3364 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:24:56.0003 3364 NetBT - ok
21:24:56.0050 3364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:24:56.0066 3364 nfrd960 - ok
21:24:56.0097 3364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:24:56.0144 3364 Npfs - ok
21:24:56.0159 3364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:24:56.0206 3364 nsiproxy - ok
21:24:56.0284 3364 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:24:56.0362 3364 Ntfs - ok
21:24:56.0487 3364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:24:56.0549 3364 Null - ok
21:24:56.0612 3364 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:24:56.0643 3364 nvraid - ok
21:24:56.0674 3364 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:24:56.0705 3364 nvstor - ok
21:24:56.0752 3364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:24:56.0768 3364 nv_agp - ok
21:24:56.0783 3364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:24:56.0815 3364 ohci1394 - ok
21:24:56.0939 3364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:24:56.0955 3364 Parport - ok
21:24:56.0986 3364 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:24:57.0002 3364 partmgr - ok
21:24:57.0017 3364 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:24:57.0033 3364 pci - ok
21:24:57.0064 3364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:24:57.0064 3364 pciide - ok
21:24:57.0080 3364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:24:57.0095 3364 pcmcia - ok
21:24:57.0127 3364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:24:57.0127 3364 pcw - ok
21:24:57.0158 3364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:24:57.0220 3364 PEAUTH - ok
21:24:57.0283 3364 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:24:57.0361 3364 PptpMiniport - ok
21:24:57.0376 3364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:24:57.0407 3364 Processor - ok
21:24:57.0454 3364 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:24:57.0517 3364 Psched - ok
21:24:57.0563 3364 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:24:57.0579 3364 PxHlpa64 - ok
21:24:57.0641 3364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:24:57.0719 3364 ql2300 - ok
21:24:57.0735 3364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:24:57.0751 3364 ql40xx - ok
21:24:57.0782 3364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:24:57.0813 3364 QWAVEdrv - ok
21:24:57.0829 3364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:24:57.0875 3364 RasAcd - ok
21:24:57.0907 3364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:24:57.0985 3364 RasAgileVpn - ok
21:24:58.0031 3364 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:58.0094 3364 Rasl2tp - ok
21:24:58.0125 3364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:58.0203 3364 RasPppoe - ok
21:24:58.0219 3364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:24:58.0281 3364 RasSstp - ok
21:24:58.0312 3364 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:24:58.0359 3364 rdbss - ok
21:24:58.0390 3364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:24:58.0421 3364 rdpbus - ok
21:24:58.0437 3364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:58.0515 3364 RDPCDD - ok
21:24:58.0546 3364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:24:58.0609 3364 RDPENCDD - ok
21:24:58.0640 3364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:24:58.0671 3364 RDPREFMP - ok
21:24:58.0702 3364 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:24:58.0749 3364 RDPWD - ok
21:24:58.0780 3364 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:24:58.0811 3364 rdyboost - ok
21:24:58.0874 3364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:24:58.0936 3364 rspndr - ok
21:24:58.0967 3364 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
21:24:59.0014 3364 RSUSBSTOR - ok
21:24:59.0061 3364 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:24:59.0077 3364 sbp2port - ok
21:24:59.0108 3364 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:24:59.0155 3364 scfilter - ok
21:24:59.0201 3364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:24:59.0279 3364 secdrv - ok
21:24:59.0311 3364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:24:59.0342 3364 Serenum - ok
21:24:59.0373 3364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:24:59.0389 3364 Serial - ok
21:24:59.0404 3364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:24:59.0435 3364 sermouse - ok
21:24:59.0467 3364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:24:59.0498 3364 sffdisk - ok
21:24:59.0513 3364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:24:59.0545 3364 sffp_mmc - ok
21:24:59.0576 3364 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:24:59.0591 3364 sffp_sd - ok
21:24:59.0623 3364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:24:59.0638 3364 sfloppy - ok
21:24:59.0685 3364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:24:59.0701 3364 SiSRaid2 - ok
21:24:59.0716 3364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:24:59.0732 3364 SiSRaid4 - ok
21:24:59.0763 3364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:24:59.0810 3364 Smb - ok
21:24:59.0841 3364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:24:59.0857 3364 spldr - ok
21:24:59.0903 3364 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:24:59.0981 3364 srv - ok
21:25:00.0028 3364 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:25:00.0075 3364 srv2 - ok
21:25:00.0106 3364 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:25:00.0153 3364 srvnet - ok
21:25:00.0215 3364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:25:00.0231 3364 stexstor - ok
21:25:00.0293 3364 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
21:25:00.0371 3364 STHDA - ok
21:25:00.0403 3364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:25:00.0418 3364 swenum - ok
21:25:00.0465 3364 SynTP (3178b56219e0e4fb5f95299e49b83b44) C:\Windows\system32\DRIVERS\SynTP.sys
21:25:00.0496 3364 SynTP - ok
21:25:00.0590 3364 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
21:25:00.0637 3364 Tcpip - ok
21:25:00.0683 3364 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
21:25:00.0730 3364 TCPIP6 - ok
21:25:00.0777 3364 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:25:00.0824 3364 tcpipreg - ok
21:25:00.0855 3364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:25:00.0902 3364 TDPIPE - ok
21:25:00.0917 3364 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:25:00.0964 3364 TDTCP - ok
21:25:00.0995 3364 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:25:01.0042 3364 tdx - ok
21:25:01.0058 3364 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:25:01.0073 3364 TermDD - ok
21:25:01.0120 3364 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:01.0167 3364 tssecsrv - ok
21:25:01.0198 3364 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:25:01.0276 3364 tunnel - ok
21:25:01.0292 3364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:25:01.0307 3364 uagp35 - ok
21:25:01.0323 3364 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:25:01.0385 3364 udfs - ok
21:25:01.0417 3364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:25:01.0417 3364 uliagpkx - ok
21:25:01.0463 3364 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:25:01.0495 3364 umbus - ok
21:25:01.0526 3364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:25:01.0557 3364 UmPass - ok
21:25:01.0604 3364 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
21:25:01.0635 3364 USBAAPL64 - ok
21:25:01.0666 3364 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:01.0713 3364 usbccgp - ok
21:25:01.0744 3364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:25:01.0791 3364 usbcir - ok
21:25:01.0822 3364 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:25:01.0853 3364 usbehci - ok
21:25:01.0900 3364 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:25:01.0947 3364 usbhub - ok
21:25:01.0978 3364 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:25:02.0009 3364 usbohci - ok
21:25:02.0041 3364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:25:02.0072 3364 usbprint - ok
21:25:02.0103 3364 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:02.0165 3364 USBSTOR - ok
21:25:02.0197 3364 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:25:02.0228 3364 usbuhci - ok
21:25:02.0275 3364 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:25:02.0321 3364 usbvideo - ok
21:25:02.0384 3364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:25:02.0415 3364 vdrvroot - ok
21:25:02.0446 3364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:02.0462 3364 vga - ok
21:25:02.0493 3364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:25:02.0540 3364 VgaSave - ok
21:25:02.0571 3364 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:25:02.0602 3364 vhdmp - ok
21:25:02.0618 3364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:25:02.0633 3364 viaide - ok
21:25:02.0665 3364 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:25:02.0680 3364 volmgr - ok
21:25:02.0711 3364 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:25:02.0727 3364 volmgrx - ok
21:25:02.0743 3364 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:25:02.0758 3364 volsnap - ok
21:25:02.0805 3364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:25:02.0821 3364 vsmraid - ok
21:25:02.0836 3364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:25:02.0867 3364 vwifibus - ok
21:25:02.0899 3364 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:25:02.0930 3364 vwififlt - ok
21:25:02.0977 3364 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:25:02.0992 3364 vwifimp - ok
21:25:03.0023 3364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:25:03.0039 3364 WacomPen - ok
21:25:03.0070 3364 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:03.0133 3364 WANARP - ok
21:25:03.0148 3364 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:03.0179 3364 Wanarpv6 - ok
21:25:03.0242 3364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:25:03.0242 3364 Wd - ok
21:25:03.0289 3364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:25:03.0320 3364 Wdf01000 - ok
21:25:03.0367 3364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:25:03.0413 3364 WfpLwf - ok
21:25:03.0460 3364 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:25:03.0476 3364 WimFltr - ok
21:25:03.0491 3364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:25:03.0507 3364 WIMMount - ok
21:25:03.0585 3364 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:25:03.0632 3364 WinUsb - ok
21:25:03.0694 3364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:25:03.0741 3364 WmiAcpi - ok
21:25:03.0803 3364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:25:03.0835 3364 ws2ifsl - ok
21:25:03.0881 3364 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:25:03.0959 3364 WudfPf - ok
21:25:03.0991 3364 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:04.0037 3364 WUDFRd - ok
21:25:04.0115 3364 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
21:25:04.0162 3364 yukonw7 - ok
21:25:04.0209 3364 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:25:04.0318 3364 \Device\Harddisk0\DR0 - ok
21:25:04.0318 3364 Boot (0x1200) (7d7e913d179f799e6349caecf13a8b2e) \Device\Harddisk0\DR0\Partition0
21:25:04.0318 3364 \Device\Harddisk0\DR0\Partition0 - ok
21:25:04.0349 3364 Boot (0x1200) (49cc63fe7514fd0787d61ea594a98558) \Device\Harddisk0\DR0\Partition1
21:25:04.0349 3364 \Device\Harddisk0\DR0\Partition1 - ok
21:25:04.0349 3364 ============================================================
21:25:04.0349 3364 Scan finished
21:25:04.0349 3364 ============================================================
21:25:04.0381 2664 Detected object count: 0
21:25:04.0381 2664 Actual detected object count: 0
21:25:32.0835 3160 Deinitialize success
and here's the MBAM log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8186
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/17/2011 9:33:14 PM
mbam-log-2011-11-17 (21-33-14).txt
Scan type: Quick scan
Objects scanned: 183334
Time elapsed: 2 minute(s), 22 second(s)
Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28
Memory Processes Infected:
c:\program files\Dell\DellDock\docklogin.exe (Virus.Expiro) -> 832 -> Unloaded process successfully.
c:\program files (x86)\common files\Apple\mobile device support\applemobiledeviceservice.exe (Virus.Expiro) -> 1592 -> Unloaded process successfully.
c:\program files (x86)\Bonjour\mdnsresponder.exe (Virus.Expiro) -> 1664 -> Unloaded process successfully.
c:\program files (x86)\common files\microsoft shared\source engine\OSE.EXE (Virus.Expiro) -> 1104 -> Unloaded process successfully.
c:\program files (x86)\microsoft\search enhancement pack\SeaPort\SeaPort.exe (Virus.Expiro) -> 1056 -> Unloaded process successfully.
c:\program files (x86)\microsoft office\Office\OSA.EXE (Virus.Expiro) -> 2860 -> Unloaded process successfully.
c:\program files (x86)\mozilla firefox\firefox.exe (Virus.Expiro) -> 2976 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DockLoginService (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apple Mobile Device (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F2CEAF26-7FC8-4CA9-822D-0B6AAD6C1991} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D7B8A861-86AF-4854-8D92-087C78D0B609} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeaPort (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_32 (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odserv (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6C39E6C6-BF68-49AD-8F24-E1E84C6D8F06} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E1B2278-D7D9-4C62-8540-359360B5E476} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GameConsoleService (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GoToAssist (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224} (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gusvc (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IAANTMON (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Office Groove Audit Service (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906 (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEINSTAL.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE\OSA.EXE (Virus.Expiro) -> Value: OSA.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aim (Virus.Expiro) -> Value: Aim -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\Dell\DellDock\docklogin.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\Apple\mobile device support\applemobiledeviceservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Bonjour\mdnsresponder.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\source engine\OSE.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\microsoft\search enhancement pack\SeaPort\SeaPort.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\microsoft office\Office\OSA.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\firefox.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\AIM\aim.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\OFFICE12\ODSERV.EXE (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\wildtangent\dell games\dell game console\gameconsoleservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Citrix\gotoassist\514\g2aservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Google\Common\google updater\googleupdaterservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\Intel\intel matrix storage manager\IAANTmon.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\microsoft office\Office12\grooveauditservice.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\System32\msiexec.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\System32\searchindexer.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\MSInfo\msinfo32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\internet explorer\extexport.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\internet explorer\ieinstal.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\program files (x86)\internet explorer\ielowutil.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\System32\srrstr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\msiexec.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\searchindexer.exe (Virus.Expiro) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\srrstr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ellery\downloads\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Ellery\downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
#20
Posted 18 November 2011 - 04:00 PM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
Thanks for the logs. We have a tricky situation here. Along with the Rootkit you had, you also got infected with a File Infector, which tries to modify .exe files and certain other file extentions. We will try and get this removed, but depending on how bad the infections is, the worst case scenario is a Full Windows Reinstallation. Hopefully this won't be the case, but there is a chance.
We will try and remove the infection now and then repair any damage it may have caused to some programs. I would also advise you, that if you have used this PC for any shopping/bank/money transactions etc, that you get your passwords changed on another PC which is clean. I'll post my Trojan warning speech below, that I give to people in this situation.
One or more of the threats on your PC have been identified as a Backdoor Trojan. These have the potential to steal and collect information about you such as Credit Card details used on sites, bank details, passwords for sites you log into etc. To be on the safe side it is always advisable to check with your Credit/Debit Card company to see if any recent transcations have been made that you are not aware of and to make them be on the lookout for possible fraud. Also if you have access to another PC, it is advisable to change your passwords for sites you have visited recently.
Lets try and get this sorted now
Can you run the following tool from AVG, then let me know what the results are please.
Click here to download the Expiro Removal Tool from AVG
Save this file to your Desktop
Double click on the program to run it
It should start scanning immediately
Once it has finished, could you get back to me with the following information please: (These can be found on the Summary section at the bottom of the window)
Number of objects cleaned
Number of objects deleted
Number of not cleaned
We will try and remove the infection now and then repair any damage it may have caused to some programs. I would also advise you, that if you have used this PC for any shopping/bank/money transactions etc, that you get your passwords changed on another PC which is clean. I'll post my Trojan warning speech below, that I give to people in this situation.
One or more of the threats on your PC have been identified as a Backdoor Trojan. These have the potential to steal and collect information about you such as Credit Card details used on sites, bank details, passwords for sites you log into etc. To be on the safe side it is always advisable to check with your Credit/Debit Card company to see if any recent transcations have been made that you are not aware of and to make them be on the lookout for possible fraud. Also if you have access to another PC, it is advisable to change your passwords for sites you have visited recently.
Lets try and get this sorted now
Can you run the following tool from AVG, then let me know what the results are please.
Click here to download the Expiro Removal Tool from AVG
Save this file to your Desktop
Double click on the program to run it
It should start scanning immediately
Once it has finished, could you get back to me with the following information please: (These can be found on the Summary section at the bottom of the window)
Number of objects cleaned
Number of objects deleted
Number of not cleaned
#21
Posted 18 November 2011 - 10:49 PM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
Hi,
All three of those categories say 0(zero).
The category that says Number of infected objects is also 0(zero).
All three of those categories say 0(zero).
The category that says Number of infected objects is also 0(zero).
#22
Posted 19 November 2011 - 05:30 AM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
Okey dokey, so far so good. We'll need to get a second opinion on this infection, so if you could run the following Kaspersky scan for me please.
How is the PC behaving now, do you get any error messages appear, or problems browsing the internet etc?
Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
How is the PC behaving now, do you get any error messages appear, or problems browsing the internet etc?
Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
- Save it to your desktop.
- Double click the setup file to run it.
- Follow the onscreen prompts until it is installed
- Click the Options button (the 'cog' icon), then make sure only the following are ticked:
- System Memory
- Hidden startup objects
- Disk boot sectors
- Local Disk (C:)
- Also any other drives (Removable that you may have)
- Then click on Actions on the left hand side
- Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
- Click on Automatic Scan
- Now click the Start Scanning button, to run the scan
- After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
- Click Detected threats on the left
- Now click the Save button, and save it as kaslog.txt to your Desktop
- Please copy and paste the contents of kaslog.txt in your next reply.
#23
Posted 20 November 2011 - 12:17 AM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
She does have IE running and I tried to download Firefox because i prefer it. And it won't let me do that. It will say IE closed, do you want to go to Home Page or open your last page? I tried to open this site and it shut down IE all together. I'm alternating back and forth between my own laptop and using a disc to download stuff and then load it to hers. I couldn't download Kaspersky at all on her computer, it kept closing IE. So I downloaded it to mine, put o disc, etc. No more pop ups or anything like that on her computer for sure.
Here is the Kaspersky log.
Status: Disinfected (events: 80)
11/19/2011 7:51:06 PM Disinfected virus Virus.Win32.Expiro.w C:\ComboFix\PEV.exe High
11/19/2011 8:05:01 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\idtmini1.exe High
11/19/2011 8:05:01 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\AESTSrv.exe High
11/19/2011 8:05:02 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\IDTPIMA.exe High
11/19/2011 8:05:02 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\stacsv.exe High
11/19/2011 8:05:03 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\sttray.exe High
11/19/2011 8:05:04 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\suhlp.exe High
11/19/2011 8:05:07 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\input\R230731\WinWDF\x64\SynMood.exe High
11/19/2011 8:05:08 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\input\R230731\WinWDF\x64\SynZMetr.exe High
11/19/2011 8:05:25 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE High
11/19/2011 8:05:27 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\video\R228501\Graphics\igxpun.exe High
11/19/2011 8:05:28 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe High
11/19/2011 8:05:29 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\ose.exe High
11/19/2011 8:05:31 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\setup.exe High
11/19/2011 8:06:32 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe High
11/19/2011 8:06:32 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe High
11/19/2011 8:06:33 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe High
11/19/2011 8:06:35 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe High
11/19/2011 8:06:36 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe High
11/19/2011 8:06:37 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe High
11/19/2011 8:06:42 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\Setup.exe High
11/19/2011 8:06:42 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\AIM\migrator.exe High
11/19/2011 8:06:43 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\AIM Toolbar\aimtbServer.exe High
11/19/2011 8:06:48 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2achat.exe High
11/19/2011 8:06:48 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2acomm.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2afiletransfer.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2ahost.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2ahostlauncher.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2ahostnoui.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\G2AInstaller.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2alaunchercustomer.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2aprocessfactory.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2aremotediagnostics.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2asessioncontrol.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2auicustomer.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2aview.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Apple Application Support\defaults.exe High
11/19/2011 8:06:53 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe High
11/19/2011 8:06:54 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileSync.exe High
11/19/2011 8:06:54 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.IE.client.exe High
11/19/2011 8:06:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe High
11/19/2011 8:06:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.Outlook.client.exe High
11/19/2011 8:06:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.Safari.client.exe High
11/19/2011 8:06:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe High
11/19/2011 8:06:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.WindowsMail.client.exe High
11/19/2011 8:06:57 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.google.ContactSync.client.exe High
11/19/2011 8:06:57 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.exe High
11/19/2011 8:06:58 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe High
11/19/2011 8:06:58 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncDiagnostics.exe High
11/19/2011 8:06:58 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Mingler.exe High
11/19/2011 8:07:00 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\syncli.exe High
11/19/2011 8:07:00 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncPlanObserver.exe High
11/19/2011 8:07:04 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\McAfee\Installer\mcinst.exe High
11/19/2011 8:07:07 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe High
11/19/2011 8:07:08 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe High
11/19/2011 8:07:12 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe High
11/19/2011 8:09:29 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Internet Explorer\iexplore.exe High
11/19/2011 8:10:26 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Maxis\The Sims\UserData\Web Templates\Localization_Templates\Tokin.exe High
11/19/2011 8:11:53 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE High
11/19/2011 8:16:53 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appxmlaudio.exe.vir High
11/19/2011 8:16:54 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe.vir High
11/19/2011 8:16:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\dllhost.exe.vir High
11/19/2011 8:16:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\msiexec.exe.vir High
11/19/2011 8:16:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\msinfo32.exe.vir High
11/19/2011 8:16:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\SearchIndexer.exe.vir High
11/19/2011 8:16:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\svchost.exe.vir High
11/19/2011 8:41:44 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\SysWOW64\dllhost.exe High
11/19/2011 8:42:09 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\SysWOW64\svchost.exe High
11/19/2011 8:44:06 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e High
11/19/2011 8:44:06 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e/json/Parser.class High
11/19/2011 8:44:27 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d High
11/19/2011 8:44:27 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d/json/Parser.class High
11/19/2011 8:45:34 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96 High
11/19/2011 8:45:34 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96/json/Parser.class High
11/19/2011 8:56:05 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_2106a98149904819\ielowutil.exe High
11/19/2011 8:56:05 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.7600.16385_none_488e5dfb9bdb243c\ExtExport.exe High
11/19/2011 8:56:08 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7600.16385_none_032c767969f7eb6f\ieinstal.exe High
Status: Deleted (events: 21)
11/19/2011 8:16:50 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.tfff C:\Qoobox\Quarantine\C\ProgramData\api-ms-win-core-memory-l1-1-032.dll.vir High
11/19/2011 8:16:51 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.grb C:\Qoobox\Quarantine\C\ProgramData\fHXSUJnFKyQkA.exe.vir High
11/19/2011 8:16:51 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.gok C:\Qoobox\Quarantine\C\ProgramData\nFEDeRLYbhvow.exe.vir High
11/19/2011 8:16:51 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.guk C:\Qoobox\Quarantine\C\ProgramData\VBiiKvMvycJo.exe.vir High
11/19/2011 8:16:52 PM Deleted Trojan program Trojan.Win32.FakeAV.ispc C:\Qoobox\Quarantine\C\ProgramData\WKocfFMPaI.exe.vir High
11/19/2011 8:16:52 PM Deleted Trojan program Trojan-Dropper.Win32.Drooptroop.kkn C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Local\Windows Server\hlp.dat.vir High
11/19/2011 8:16:53 PM Deleted Trojan program Trojan.Win32.Diple.ccgh C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe.vir High
11/19/2011 8:16:54 PM Deleted Trojan program Trojan.Win32.Diple.ckua C:\Qoobox\Quarantine\C\Windows\SysWOW64\0.012512630369496347.exe.vir High
11/19/2011 8:16:55 PM Deleted Trojan program Trojan.Win32.Agent.hvfe C:\Qoobox\Quarantine\C\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll.vir High
11/19/2011 8:29:10 PM Deleted Trojan program Backdoor.Win32.ZAccess.aug C:\Windows\assembly\GAC_32\Desktop.ini High
11/19/2011 8:43:36 PM Deleted Trojan program Trojan.Win32.FakeAV.ispc C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ex[2].html High
11/19/2011 8:44:06 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-1a1cd111 High
11/19/2011 8:44:06 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-31e54620 High
11/19/2011 8:44:16 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-380ba761 High
11/19/2011 8:44:17 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-534eb410 High
11/19/2011 8:44:17 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-5e17c4dd High
11/19/2011 8:44:27 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-62a8f7aa High
11/19/2011 8:45:24 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\75b436b0-1d3b777b High
11/19/2011 8:45:24 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\75b436b0-3831cfcd High
11/19/2011 8:45:25 PM Deleted Trojan program Trojan.Win32.Vilsel.beew C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6ab0fff3-36c3525a High
11/19/2011 9:44:03 PM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\11162011_212519\C_Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe High
Status: Quarantined (events: 5)
11/19/2011 8:16:50 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\ProgramData\6DSS92c31Apgjk.exe.vir High
11/19/2011 8:16:53 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\upd_debug.exe.vir High
11/19/2011 8:43:34 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ex[1].html High
11/19/2011 8:43:44 PM Quarantined virus HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H52YLL46\ajs[8].php High
11/19/2011 8:44:27 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\73d59ba6-7797585f High
Here is the Kaspersky log.
Status: Disinfected (events: 80)
11/19/2011 7:51:06 PM Disinfected virus Virus.Win32.Expiro.w C:\ComboFix\PEV.exe High
11/19/2011 8:05:01 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\idtmini1.exe High
11/19/2011 8:05:01 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\AESTSrv.exe High
11/19/2011 8:05:02 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\IDTPIMA.exe High
11/19/2011 8:05:02 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\stacsv.exe High
11/19/2011 8:05:03 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\sttray.exe High
11/19/2011 8:05:04 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\audio\R228448\WDM\suhlp.exe High
11/19/2011 8:05:07 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\input\R230731\WinWDF\x64\SynMood.exe High
11/19/2011 8:05:08 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\input\R230731\WinWDF\x64\SynZMetr.exe High
11/19/2011 8:05:25 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE High
11/19/2011 8:05:27 PM Disinfected virus Virus.Win32.Expiro.w C:\Drivers\video\R228501\Graphics\igxpun.exe High
11/19/2011 8:05:28 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe High
11/19/2011 8:05:29 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\ose.exe High
11/19/2011 8:05:31 PM Disinfected virus Virus.Win32.Expiro.w C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\setup.exe High
11/19/2011 8:06:32 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe High
11/19/2011 8:06:32 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe High
11/19/2011 8:06:33 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe High
11/19/2011 8:06:35 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe High
11/19/2011 8:06:36 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe High
11/19/2011 8:06:37 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe High
11/19/2011 8:06:42 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\Setup.exe High
11/19/2011 8:06:42 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\AIM\migrator.exe High
11/19/2011 8:06:43 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\AIM Toolbar\aimtbServer.exe High
11/19/2011 8:06:48 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2achat.exe High
11/19/2011 8:06:48 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2acomm.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2afiletransfer.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2ahost.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2ahostlauncher.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2ahostnoui.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\G2AInstaller.exe High
11/19/2011 8:06:49 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2alaunchercustomer.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2aprocessfactory.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2aremotediagnostics.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2asessioncontrol.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2auicustomer.exe High
11/19/2011 8:06:50 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Citrix\GoToAssist\514\g2aview.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe High
11/19/2011 8:06:51 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Apple Application Support\defaults.exe High
11/19/2011 8:06:53 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe High
11/19/2011 8:06:54 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileSync.exe High
11/19/2011 8:06:54 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.IE.client.exe High
11/19/2011 8:06:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe High
11/19/2011 8:06:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.Outlook.client.exe High
11/19/2011 8:06:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.Safari.client.exe High
11/19/2011 8:06:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe High
11/19/2011 8:06:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.WindowsMail.client.exe High
11/19/2011 8:06:57 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.google.ContactSync.client.exe High
11/19/2011 8:06:57 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.exe High
11/19/2011 8:06:58 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe High
11/19/2011 8:06:58 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncDiagnostics.exe High
11/19/2011 8:06:58 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Mingler.exe High
11/19/2011 8:07:00 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\syncli.exe High
11/19/2011 8:07:00 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncPlanObserver.exe High
11/19/2011 8:07:04 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\McAfee\Installer\mcinst.exe High
11/19/2011 8:07:07 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe High
11/19/2011 8:07:08 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe High
11/19/2011 8:07:12 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe High
11/19/2011 8:09:29 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Internet Explorer\iexplore.exe High
11/19/2011 8:10:26 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Maxis\The Sims\UserData\Web Templates\Localization_Templates\Tokin.exe High
11/19/2011 8:11:53 PM Disinfected virus Virus.Win32.Expiro.w C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE High
11/19/2011 8:16:53 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appxmlaudio.exe.vir High
11/19/2011 8:16:54 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe.vir High
11/19/2011 8:16:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\dllhost.exe.vir High
11/19/2011 8:16:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\msiexec.exe.vir High
11/19/2011 8:16:55 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\msinfo32.exe.vir High
11/19/2011 8:16:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\SearchIndexer.exe.vir High
11/19/2011 8:16:56 PM Disinfected virus Virus.Win32.Expiro.w C:\Qoobox\Quarantine\C\Windows\SysWOW64\svchost.exe.vir High
11/19/2011 8:41:44 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\SysWOW64\dllhost.exe High
11/19/2011 8:42:09 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\SysWOW64\svchost.exe High
11/19/2011 8:44:06 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e High
11/19/2011 8:44:06 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e/json/Parser.class High
11/19/2011 8:44:27 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d High
11/19/2011 8:44:27 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d/json/Parser.class High
11/19/2011 8:45:34 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96 High
11/19/2011 8:45:34 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96/json/Parser.class High
11/19/2011 8:56:05 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_2106a98149904819\ielowutil.exe High
11/19/2011 8:56:05 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.7600.16385_none_488e5dfb9bdb243c\ExtExport.exe High
11/19/2011 8:56:08 PM Disinfected virus Virus.Win32.Expiro.w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7600.16385_none_032c767969f7eb6f\ieinstal.exe High
Status: Deleted (events: 21)
11/19/2011 8:16:50 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.tfff C:\Qoobox\Quarantine\C\ProgramData\api-ms-win-core-memory-l1-1-032.dll.vir High
11/19/2011 8:16:51 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.grb C:\Qoobox\Quarantine\C\ProgramData\fHXSUJnFKyQkA.exe.vir High
11/19/2011 8:16:51 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.gok C:\Qoobox\Quarantine\C\ProgramData\nFEDeRLYbhvow.exe.vir High
11/19/2011 8:16:51 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.guk C:\Qoobox\Quarantine\C\ProgramData\VBiiKvMvycJo.exe.vir High
11/19/2011 8:16:52 PM Deleted Trojan program Trojan.Win32.FakeAV.ispc C:\Qoobox\Quarantine\C\ProgramData\WKocfFMPaI.exe.vir High
11/19/2011 8:16:52 PM Deleted Trojan program Trojan-Dropper.Win32.Drooptroop.kkn C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Local\Windows Server\hlp.dat.vir High
11/19/2011 8:16:53 PM Deleted Trojan program Trojan.Win32.Diple.ccgh C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe.vir High
11/19/2011 8:16:54 PM Deleted Trojan program Trojan.Win32.Diple.ckua C:\Qoobox\Quarantine\C\Windows\SysWOW64\0.012512630369496347.exe.vir High
11/19/2011 8:16:55 PM Deleted Trojan program Trojan.Win32.Agent.hvfe C:\Qoobox\Quarantine\C\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll.vir High
11/19/2011 8:29:10 PM Deleted Trojan program Backdoor.Win32.ZAccess.aug C:\Windows\assembly\GAC_32\Desktop.ini High
11/19/2011 8:43:36 PM Deleted Trojan program Trojan.Win32.FakeAV.ispc C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ex[2].html High
11/19/2011 8:44:06 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-1a1cd111 High
11/19/2011 8:44:06 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-31e54620 High
11/19/2011 8:44:16 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-380ba761 High
11/19/2011 8:44:17 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-534eb410 High
11/19/2011 8:44:17 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-5e17c4dd High
11/19/2011 8:44:27 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\41ddfa0-62a8f7aa High
11/19/2011 8:45:24 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\75b436b0-1d3b777b High
11/19/2011 8:45:24 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\75b436b0-3831cfcd High
11/19/2011 8:45:25 PM Deleted Trojan program Trojan.Win32.Vilsel.beew C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6ab0fff3-36c3525a High
11/19/2011 9:44:03 PM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\11162011_212519\C_Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe High
Status: Quarantined (events: 5)
11/19/2011 8:16:50 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\ProgramData\6DSS92c31Apgjk.exe.vir High
11/19/2011 8:16:53 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\upd_debug.exe.vir High
11/19/2011 8:43:34 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ex[1].html High
11/19/2011 8:43:44 PM Quarantined virus HEUR:Trojan.Script.Iframer C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H52YLL46\ajs[8].php High
11/19/2011 8:44:27 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\73d59ba6-7797585f High
#24
Posted 20 November 2011 - 07:50 AM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
Well done on getting the Kaspersky scan sorted. It has found and disinfected some more Expiro infections. Looks like the AVG tool didn't want to detect this variant of it when we ran it just before kaspersky scan.
As some of the infected files were removed earlier, you may come across some programs that don't want to work properly. Usually, if you just reinstall them, they should work fine. We'll sort the Internet Explorer and Firefox issues out later, when we know the PC is clean.
For now though, we will need to get an Anti Virus installed, as this should help us stop infections from further spreading on the PC. You mentioned at the start that McAfee has ran out of it's subscription. Are you planning on purchasing a new subscription? If you're not, then we can just remove McAfee and install a Free Anti Virus such as Microsoft Security Essentials. Just let me know which way you'd like to go and I'll run you through what needs doing
In the meantime, lets do some additional scans, to try and fully get rid of this infection:
1)
Could you get me an updated OTL log please:
OTL Quick Scan
2)
Clear Java Cache
Please click here, and then follow the instructions on clearing your Java's cache.
3)
I'd like you to run another scan with the Kaspersky Virus Removal Tool, as I'd like to see if it detects any newly infected files, or whether it now appears fully clean.
Just follow the steps from before. You can use the same kaspersky file again that you have on your CD
In your next reply
Please post the contents of...
OTL log
Kaspersky log
Let me know whether you would like to keep McAfee or not
As some of the infected files were removed earlier, you may come across some programs that don't want to work properly. Usually, if you just reinstall them, they should work fine. We'll sort the Internet Explorer and Firefox issues out later, when we know the PC is clean.
For now though, we will need to get an Anti Virus installed, as this should help us stop infections from further spreading on the PC. You mentioned at the start that McAfee has ran out of it's subscription. Are you planning on purchasing a new subscription? If you're not, then we can just remove McAfee and install a Free Anti Virus such as Microsoft Security Essentials. Just let me know which way you'd like to go and I'll run you through what needs doing
In the meantime, lets do some additional scans, to try and fully get rid of this infection:
1)
Could you get me an updated OTL log please:
OTL Quick Scan
- Double click on the OTL icon to run it.
- When the window appears, underneath Output at the top, make sure Standard Output is selected.
- Tick the Scan All Users box at the top
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open a notepad window.
- Please post the contents of this log
2)
Clear Java Cache
Please click here, and then follow the instructions on clearing your Java's cache.
3)
I'd like you to run another scan with the Kaspersky Virus Removal Tool, as I'd like to see if it detects any newly infected files, or whether it now appears fully clean.
Just follow the steps from before. You can use the same kaspersky file again that you have on your CD
In your next reply
Please post the contents of...
OTL log
Kaspersky log
Let me know whether you would like to keep McAfee or not
#25
Posted 20 November 2011 - 10:53 PM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
I do plan on keeping(renewing) for my daughter, the McAfee as soon as we get this fixed I will renew and get on her computer. Here is the new OTL and Kaspersky logs.
OTL logfile created on: 11/20/2011 7:11:43 PM - Run 12
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 73.27% Memory free
7.92 Gb Paging File | 6.64 Gb Available in Paging File | 83.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 405.12 Gb Free Space | 89.81% Space Free | Partition Type: NTFS
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
PRC - [2011/09/06 09:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 09:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/17 02:39:20 | 002,295,296 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/17 02:39:16 | 000,997,888 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/17 02:31:17 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 02:31:08 | 001,840,640 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/17 02:30:47 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/17 02:30:32 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/17 02:30:25 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/17 02:30:22 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/17 02:30:11 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/17 02:30:05 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/17 02:30:02 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/17 02:30:01 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/17 02:29:52 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/09/11 10:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/09/11 10:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/09/11 10:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/09/11 10:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/08/21 08:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 49 2B 98 15 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/17 21:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/11/17 21:20:11 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/11/16 21:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2011/11/17 21:17:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/19 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/17 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Malwarebytes
[2011/11/17 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/17 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/17 21:26:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/17 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/16 21:25:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/14 13:19:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/14 12:52:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/14 12:52:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/14 12:52:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/14 12:52:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/14 12:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/14 12:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 19:12:46 | 000,584,192 | R--- | C] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/20 19:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 19:08:25 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 21:44:03 | 000,005,268 | -HS- | M] () -- C:\Windows\0468827drv.spi
[2011/11/19 19:15:22 | 000,021,513 | ---- | M] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/19 19:00:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 19:00:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 18:54:59 | 000,000,334 | ---- | M] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/17 21:26:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 21:17:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/14 12:27:58 | 000,578,442 | ---- | M] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/19 20:16:50 | 000,005,268 | -HS- | C] () -- C:\Windows\0468827drv.spi
[2011/11/19 18:56:54 | 000,021,513 | ---- | C] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/17 21:26:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 21:20:10 | 000,000,334 | ---- | C] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/14 12:52:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/14 12:52:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/14 12:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/14 12:52:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/14 12:52:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/14 12:27:58 | 000,578,442 | ---- | C] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2011/11/16 21:28:19 | 000,032,532 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
and here's the Kaspersky Log:
Status: Quarantined (events: 1)
11/20/2011 8:02:25 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appxmlaudio.exe.vir High
OTL logfile created on: 11/20/2011 7:11:43 PM - Run 12
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 73.27% Memory free
7.92 Gb Paging File | 6.64 Gb Available in Paging File | 83.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 405.12 Gb Free Space | 89.81% Space Free | Partition Type: NTFS
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
PRC - [2011/09/06 09:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 09:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/17 02:39:20 | 002,295,296 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/17 02:39:16 | 000,997,888 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/17 02:31:17 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 02:31:08 | 001,840,640 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/17 02:30:47 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/17 02:30:32 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/17 02:30:25 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/17 02:30:22 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/17 02:30:11 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/17 02:30:05 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/17 02:30:02 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/17 02:30:01 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/17 02:29:52 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/09/11 10:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/09/11 10:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/09/11 10:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/09/11 10:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/08/21 08:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 49 2B 98 15 A3 CC 01 [binary data]
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/17 21:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/11/17 21:20:11 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/11/16 21:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2011/11/17 21:17:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/19 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/17 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Malwarebytes
[2011/11/17 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/17 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/17 21:26:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/17 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/16 21:25:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/14 13:19:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/14 12:52:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/14 12:52:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/14 12:52:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/14 12:52:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/14 12:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/14 12:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 19:12:46 | 000,584,192 | R--- | C] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/20 19:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 19:08:25 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 21:44:03 | 000,005,268 | -HS- | M] () -- C:\Windows\0468827drv.spi
[2011/11/19 19:15:22 | 000,021,513 | ---- | M] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/19 19:00:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 19:00:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 18:54:59 | 000,000,334 | ---- | M] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/17 21:26:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 21:17:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/14 12:27:58 | 000,578,442 | ---- | M] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/19 20:16:50 | 000,005,268 | -HS- | C] () -- C:\Windows\0468827drv.spi
[2011/11/19 18:56:54 | 000,021,513 | ---- | C] () -- C:\Users\Ellery\AppData\Local\dfl20z32.dll
[2011/11/17 21:26:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 21:20:10 | 000,000,334 | ---- | C] () -- C:\Users\Ellery\AppData\Local\wsr20zt32.dll
[2011/11/14 12:52:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/14 12:52:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/14 12:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/14 12:52:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/14 12:52:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/14 12:27:58 | 000,578,442 | ---- | C] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2011/11/16 21:28:19 | 000,032,532 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
and here's the Kaspersky Log:
Status: Quarantined (events: 1)
11/20/2011 8:02:25 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appxmlaudio.exe.vir High
#26
Posted 21 November 2011 - 01:38 PM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
This infection doesn't want to go without a fight. Your OTL log is still showing some of it's files. Lets try the following...
Please do these steps in the order they are shown.
1)
Save the following file to your Desktop, keep it as fix.txt
fix.txt 1.08KB
458 downloads
2)
Delete your current ComboFix.exe file from your PC
Then, download ComboFix from one of these locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
3)
OTL Quick Scan
In your next reply
Please post the contents of...
ComboFix log
OTL log
Please do these steps in the order they are shown.
1)
Save the following file to your Desktop, keep it as fix.txt
fix.txt 1.08KB
458 downloads- Open OTL
- Leave all the settings as they are and make sure the white box at the bottom of the OTL window is empty
- Now click Run Fix at the top
- Click OK on the message box that appears
- Navigate to the fix.txt file that you saved earlier and then select that file and click Open
- Now click the Run Fix button again and it should perform the fix
- Please allow the PC to reboot if it prompts
2)
Delete your current ComboFix.exe file from your PC
Then, download ComboFix from one of these locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
3)
OTL Quick Scan
- Double click on the OTL icon to run it.
- When the window appears, underneath Output at the top, make sure Standard Output is selected.
- Tick the Scan All Users box at the top
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open a notepad window.
- Please post the contents of this log
In your next reply
Please post the contents of...
ComboFix log
OTL log
#27
Posted 21 November 2011 - 04:19 PM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
All processes killed
========== OTL ==========
Prefs.js: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1 removed from extensions.enabledItems
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} not found.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385} folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml moved successfully.
C:\Windows\0468827drv.spi moved successfully.
C:\Users\Ellery\AppData\Local\dfl20z32.dll moved successfully.
C:\Users\Ellery\AppData\Local\wsr20zt32.dll moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ellery\Desktop\cmd.bat deleted successfully.
C:\Users\Ellery\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ellery
->Temp folder emptied: 35952 bytes
->Temporary Internet Files folder emptied: 48578541 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 3426523 bytes
->Flash cache emptied: 792 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 743352 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1538 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 775791 bytes
Total Files Cleaned = 51.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Ellery
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 11212011_115033
Files\Folders moved on Reboot...
C:\Users\Ellery\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ellery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH0P035I\page__st__15[3].html moved successfully.
C:\Users\Ellery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBJ99HFM\fastbutton[2].html moved successfully.
C:\Users\Ellery\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
Here is OTL Log. I guess I have to go back and redo Combo Fix again. Txt file says this one is 970 KB when the OTL log is only 8KB..
I couldn't save and send it to you on her laptop, kept freezing IE, saying not responding so I had to load on disc and put on my computer. When I went to send to you on here computer I got error msg saying network server disconnected..Ugh, so I have disc in friend's computer now and it won't let me send ComboFix log, says too long, shorten.
I just want to make sure I've done the scan right. I want to make sure Im not copying more than one file.
Sorry
========== OTL ==========
Prefs.js: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1 removed from extensions.enabledItems
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} not found.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385} folder moved successfully.
C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml moved successfully.
C:\Windows\0468827drv.spi moved successfully.
C:\Users\Ellery\AppData\Local\dfl20z32.dll moved successfully.
C:\Users\Ellery\AppData\Local\wsr20zt32.dll moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ellery\Desktop\cmd.bat deleted successfully.
C:\Users\Ellery\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ellery
->Temp folder emptied: 35952 bytes
->Temporary Internet Files folder emptied: 48578541 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 3426523 bytes
->Flash cache emptied: 792 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 743352 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1538 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 775791 bytes
Total Files Cleaned = 51.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Ellery
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 11212011_115033
Files\Folders moved on Reboot...
C:\Users\Ellery\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ellery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH0P035I\page__st__15[3].html moved successfully.
C:\Users\Ellery\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBJ99HFM\fastbutton[2].html moved successfully.
C:\Users\Ellery\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
Here is OTL Log. I guess I have to go back and redo Combo Fix again. Txt file says this one is 970 KB when the OTL log is only 8KB..
I couldn't save and send it to you on her laptop, kept freezing IE, saying not responding so I had to load on disc and put on my computer. When I went to send to you on here computer I got error msg saying network server disconnected..Ugh, so I have disc in friend's computer now and it won't let me send ComboFix log, says too long, shorten.
I just want to make sure I've done the scan right. I want to make sure Im not copying more than one file.
Sorry
#28
Posted 21 November 2011 - 04:39 PM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
No worries. Can you try attaching the ComboFix log instead please, to see if that works.
To attach a file...
To attach a file...
- Click Add Reply as you would do normally
- Then within the 'Attachments' area, click Browse and select the file that you want to attach
- Click the Attach This File button
- Now click Add to Post on the right hand side, to insert the attachment into your post.
#29
Posted 21 November 2011 - 10:31 PM
love2teach956
- Topic Starter
-
- Member
-
- 132 posts
Member
hope this works. Here is comboFix log attached.
Attached Files
-
ComboFix.txt 969.96KB
588 downloads
#30
Posted 22 November 2011 - 01:54 PM
BlackOxide
-
- Malware Removal
-
- 1,976 posts
Trusted Helper
Yep, that worked fine thanks
1)
Let's now get your Internet Explorer and Firefox sorted. Both need upgrading to their latest versions, so hopefully, once this has been done they should work normally.
Upgrade to Internet Explorer 9
Click here to download Internet Explorer 9 for Windows 7 64-Bit
Double click on the downloaded file and follow the prompts to upgrade to Internet Explorer 9
Upgrade to Firefox 8.0
Click here to download Firefox 8.0 for Windows 7 64-Bit
Double click on the downloaded file and follow the prompts to upgrade.
Once both browsers have been updated, reboot the PC and let me know whether they now work normally please.
2)
OTL Quick Scan
3)
Rescan with MBAM - NOTE: Different instructions than previous scan(s), please read carefully
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating, using the following modified instructions.
In your next reply
Please post the contents of...
OTL log
MBAM log
Let me know whether the browsers are now working properly
1)
Let's now get your Internet Explorer and Firefox sorted. Both need upgrading to their latest versions, so hopefully, once this has been done they should work normally.
Upgrade to Internet Explorer 9
Click here to download Internet Explorer 9 for Windows 7 64-Bit
Double click on the downloaded file and follow the prompts to upgrade to Internet Explorer 9
Upgrade to Firefox 8.0
Click here to download Firefox 8.0 for Windows 7 64-Bit
Double click on the downloaded file and follow the prompts to upgrade.
Once both browsers have been updated, reboot the PC and let me know whether they now work normally please.
2)
OTL Quick Scan
- Double click on the OTL icon to run it.
- When the window appears, underneath Output at the top, make sure Standard Output is selected.
- Tick the Scan All Users box at the top
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open a notepad window.
- Please post the contents of this log
3)
Rescan with MBAM - NOTE: Different instructions than previous scan(s), please read carefully
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating, using the following modified instructions.
- Open MBAM
- Click the Update tab, then click Check for Updates and let it install any updates if they are available
- Click the Scanner tab, then make sure Quick Scan is selected and click Scan
- When the scan is complete, click OK, then Show Results to view the results.
- Do NOT click Remove Selected, instead just click Save Log and save the log to your Desktop
- Open up this log and post it in your next reply
In your next reply
Please post the contents of...
OTL log
MBAM log
Let me know whether the browsers are now working properly
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
