Malwarebytes removal of Adware/XPAntivirus2012 FAIL



#1 stormcat (Member)

I'm a Vista user running Panda Cloud Antivirus with Windows Security Firewall. I'm glad Panda deletes this morphing menace when it surfaces, but I'd like to remove it forever. I tried the fix outlined at bleepingcomputer.com, but apparently it didn't take.

Here's my OTL log:

OTL logfile created on: 1/19/2012 1:42:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rachel\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.19% Memory free
4.23 Gb Paging File | 3.25 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 59.16 Gb Free Space | 43.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.37% Space Free | Partition Type: NTFS

Computer Name: STORMY-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 13:41:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Downloads\OTL.exe
PRC - [2011/09/29 00:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/03 09:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/24 23:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/16 22:02:24 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 00:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/03 09:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HPSLPSVC)
SRV - File not found [On_Demand | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/24 23:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2011/08/01 05:23:23 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 13:57:30 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:07 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:07 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:07 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/11/13 23:32:44 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\81240692.sys -- (81240692)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\68564902.sys -- (68564902)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\36533902.sys -- (36533902)
DRV - [2009/10/09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\8124069.sys -- (setup_9.0.0.722_16.04.2011_16-52drv)
DRV - [2009/10/09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\3653390.sys -- (setup_9.0.0.722_12.04.2011_14-49drv)
DRV - [2009/10/09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6856490.sys -- (setup_9.0.0.722_08.04.2011_14-41drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\81240691.sys -- (81240691)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\68564901.sys -- (68564901)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\36533901.sys -- (36533901)
DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/10/10 16:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/24 23:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 20:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.4
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 20:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 20:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 20:41:11 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.6.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/01/16 22:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.6.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2009/02/03 07:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachel\AppData\Roaming\mozilla\Extensions
[2011/12/01 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachel\AppData\Roaming\mozilla\Firefox\Profiles\e2zp44ii.default\extensions
[2011/10/17 08:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachel\AppData\Roaming\mozilla\SeaMonkey\Profiles\ax9fe304.default\extensions
[2011/10/08 09:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 20:40:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\RACHEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E2ZP44II.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\gears.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Rachel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Rachel\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Minimal = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2012/01/19 09:57:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fdch.com ([%20info] https in Trusted sites)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1449DD32-2506-43C0-81CD-7FE99048DF13}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 10:05:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/19 10:00:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 10:00:45 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\temp
[2012/01/19 09:46:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 09:46:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 09:46:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 09:45:56 | 000,000,000 | ---D | C] -- C:\twerp28some
[2012/01/19 09:45:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 09:45:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/18 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/14 10:56:05 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\NCH
[2012/01/04 21:25:46 | 000,000,000 | ---D | C] -- C:\Users\Rachel\RealTemp
[2012/01/01 09:56:53 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Pix
[2012/01/01 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Weblinks for Stuff
[2011/12/28 22:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2011/12/24 17:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/01/19 13:34:42 | 000,002,609 | ---- | M] () -- C:\Users\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/01/19 13:31:28 | 000,017,278 | ---- | M] () -- C:\Users\Rachel\Desktop\396870_10150503216076864_706296863_9059885_1801592820_n.jpg
[2012/01/19 13:31:28 | 000,013,374 | ---- | M] () -- C:\Users\Rachel\.recently-used.xbel
[2012/01/19 13:08:28 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/19 13:08:27 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/19 13:08:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 12:05:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 12:05:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 10:10:17 | 000,609,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 10:10:17 | 000,105,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/19 09:57:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/19 09:41:53 | 000,000,109 | ---- | M] () -- C:\Users\Rachel\Desktop\Computer running extremely slow [Solved] - Geeks to Go Forums.URL
[2012/01/18 01:10:43 | 000,374,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/19 13:31:28 | 000,013,374 | ---- | C] () -- C:\Users\Rachel\.recently-used.xbel
[2012/01/19 13:14:43 | 000,017,278 | ---- | C] () -- C:\Users\Rachel\Desktop\396870_10150503216076864_706296863_9059885_1801592820_n.jpg
[2012/01/19 09:46:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 09:46:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 09:46:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 09:46:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 09:46:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 09:41:53 | 000,000,109 | ---- | C] () -- C:\Users\Rachel\Desktop\Computer running extremely slow [Solved] - Geeks to Go Forums.URL
[2012/01/18 01:09:08 | 000,374,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/19 12:31:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/12/01 16:59:13 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2011/11/20 20:12:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/11/20 20:12:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/07 21:19:36 | 000,206,995 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/10/22 19:58:07 | 000,023,580 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\UserTile.png
[2011/07/25 11:40:34 | 000,214,016 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\SharedSettings.ccs
[2011/07/11 08:22:07 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/07/11 08:22:03 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/04/23 09:09:56 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2011/04/23 07:55:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/21 13:59:46 | 000,192,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/25 20:57:42 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/17 09:46:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/03/31 18:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/11/17 18:41:45 | 000,000,508 | ---- | C] () -- C:\Windows\WinSig.Ini
[2009/11/17 18:41:45 | 000,000,144 | ---- | C] () -- C:\Windows\Reader.Ini
[2009/11/17 18:41:44 | 000,028,672 | ---- | C] () -- C:\Windows\System32\proxydll.dll
[2009/11/17 18:41:44 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2009/11/17 18:40:42 | 000,002,628 | ---- | C] () -- C:\Windows\WinRos.Ini
[2009/09/18 16:05:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 16:05:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 16:05:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/17 16:24:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/24 12:31:35 | 000,041,478 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\nvModes.001
[2009/01/24 10:12:30 | 000,041,478 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\nvModes.dat
[2009/01/18 18:32:43 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/10/11 06:30:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/10 22:57:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/10 22:57:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2006/11/09 22:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:33:01 | 000,609,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,105,730 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/17 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\acccore
[2011/10/30 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\BlueSprig
[2011/08/23 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\FileZilla
[2012/01/07 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\gtk-2.0
[2010/02/05 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\iLike
[2011/08/19 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\IObit
[2009/03/26 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\MusicNet
[2011/02/28 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\NCH Swift Sound
[2011/12/01 17:00:22 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Panda Security
[2011/10/22 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\PeerNetworking
[2011/01/18 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Uniblue
[2012/01/19 10:04:19 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >
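Added example, not part of stormcat's post and not code from OTL or any of the tools named in this thread: a read-only PowerShell triage script that re-collects four of the indicator classes the OTL log above reports (the O20 Winlogon Shell/Userinit values, the O35/O37 exefile and comfile open handlers, HOSTS entries other than localhost, and alternate data streams such as the C:\ProgramData\TEMP:BC359956 entry), so the same points can be re-checked after the cleanup tools have run. It assumes PowerShell 3.0 or later for Get-Item -Stream (Vista ships with 2.0, so the Windows Management Framework 3.0 update would be needed there) and an elevated prompt; the folders searched for streams are a chosen default, not something the log specifies. Nothing in it changes the system.

```powershell
# Added example (not from the thread): read-only re-check of a few OTL indicators.
# Assumes PowerShell 3.0+ (Get-Item -Stream) and an elevated prompt.

function Get-WinlogonTriage {
    # OTL O20: Shell and Userinit are classic persistence targets.
    # Clean Vista/7 x86 values are 'explorer.exe' and
    # 'C:\Windows\system32\userinit.exe,' (trailing comma is normal).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Shell      = $v.Shell
        Userinit   = $v.Userinit
        ShellOk    = ($v.Shell -eq 'explorer.exe')
        UserinitOk = ($v.Userinit -match '^C:\\Windows\\system32\\userinit\.exe,?$')
    }
}

function Get-ExeHandlerTriage {
    # OTL O35/O37: a hijacked exefile/comfile handler runs the malware each
    # time any .exe or .com is launched. The clean value is "%1" %* .
    foreach ($cls in 'exefile', 'comfile') {
        $path = "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command"
        $cmd  = (Get-ItemProperty -Path $path).'(default)'
        [pscustomobject]@{
            Class   = $cls
            Command = $cmd
            Ok      = ($cmd -eq '"%1" %*')
        }
    }
}

function Get-HostsTriage {
    # OTL O1: list every active HOSTS entry that is not a plain localhost line.
    # A clean Vista hosts file yields no output here.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts |
        Where-Object { $_.Trim() -ne '' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-AdsTriage {
    # OTL "Alternate Data Streams": enumerate named streams in the given folders.
    # The main stream (:$DATA) and the download mark (Zone.Identifier) are normal;
    # anything else is reported. Folder choice is an assumption for the example.
    # Streams on directories themselves (like the TEMP folder in the log) may not
    # be enumerated by older PowerShell builds; 'cmd /c dir /r' shows them too.
    param([string[]]$Paths = @($env:ProgramData, $env:TEMP))

    foreach ($p in $Paths) {
        Get-ChildItem -Path $p -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                    Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
            } |
            Select-Object FileName, Stream, Length
    }
}

'--- Winlogon (O20) ---'
Get-WinlogonTriage | Format-List
'--- exe/com handlers (O35/O37) ---'
Get-ExeHandlerTriage | Format-Table -AutoSize
'--- HOSTS entries other than localhost (O1) ---'
Get-HostsTriage
'--- alternate data streams ---'
Get-AdsTriage | Format-Table -AutoSize
```

The checks are deliberately read-only: it reports and leaves removal to the tools the expert asks for, since deleting a hijacked exefile handler or a Winlogon value by hand on a machine you cannot fully inspect can leave it unbootable or unable to launch programs.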

#2 RKinner (Malware Expert, MVP)

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has script blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you click Scan, click Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan, note whether the Fix button is enabled (not the FixMBR button) and tell me. Then click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes, make sure it checks for updates.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3 stormcat (Topic Starter)
OK, since I've already run ComboFix once (using all the parameters you mentioned above), I'll post that log here now. You also say not to run it a second time, so I won't.

Also I ran TDSSKiller. That log is after the ComboFix log.

My OTL log is in my opening post.

Since I've done several things already, but not all of what you've recommended, I'll wait to hear back from you on next steps.

Thanks!

========== COMBOFIX LOG FOLLOWS ==========

ComboFix 12-01-19.01 - Rachel 01/19/2012 9:48.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1327 [GMT -6:00]
Running from: c:\users\Rachel\Desktop\twerp28some.com
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0F1
c:\programdata\0F1\{3FB48203-1658-43AB-A06D-B4B2CCEA1AD1}.swf
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\1033.MST
c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\BACS.msi
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 02:55 . 2012-01-19 02:55 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 07:06 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 07:06 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 07:06 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 07:06 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 07:06 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 07:06 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-18 07:01 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7350BFDF-E14F-483A-8D73-560B582C8F01}\mpengine.dll
2012-01-11 06:08 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 06:08 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 06:08 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:07 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 06:07 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:07 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:07 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-05 03:25 . 2012-01-19 01:48 -------- d-----w- c:\users\Rachel\RealTemp
2011-12-24 23:01 . 2011-12-24 23:01 -------- d-----w- c:\programdata\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 04:02 . 2011-06-22 14:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 02:40 . 2007-10-11 04:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-11 02:40 . 2007-10-11 04:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-10 21:24 . 2011-09-11 02:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37 . 2011-12-14 00:32 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 04:34 . 2011-11-21 04:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-15 20:29 . 2009-10-02 22:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-14 00:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 00:35 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 00:35 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 00:35 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 00:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 00:32 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 00:32 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 00:32 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-29 06:53 . 2011-05-06 13:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-10-26 20:39 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472772605-2542600416-2604280586-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472772605-2542600416-2604280586-500]
"EnableNotificationsRef"=dword:00000001
.
S0 36533902;36533902 Boot Guard Driver;c:\windows\system32\DRIVERS\36533902.sys [2009-10-22 37392]
S0 68564902;68564902 Boot Guard Driver;c:\windows\system32\DRIVERS\68564902.sys [2009-10-22 37392]
S0 81240692;81240692 Boot Guard Driver;c:\windows\system32\DRIVERS\81240692.sys [2009-10-22 37392]
S1 36533901;36533901;c:\windows\system32\DRIVERS\36533901.sys [2009-09-25 128016]
S1 68564901;68564901;c:\windows\system32\DRIVERS\68564901.sys [2009-09-25 128016]
S1 81240691;81240691;c:\windows\system32\DRIVERS\81240691.sys [2009-09-25 128016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: fdch.com\%20info
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\e2zp44ii.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-IMFservice
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 09:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,05,f2,65,fe,64,80,4d,97,2c,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,05,f2,65,fe,64,80,4d,97,2c,49,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-19 10:00:43
ComboFix-quarantined-files.txt 2012-01-19 16:00
.
Pre-Run: 64,068,894,720 bytes free
Post-Run: 64,019,677,184 bytes free
.
- - End Of File - - 0F4E86CD26684FBF17B1427C07CFBB6F



========== TDSSKILLER LOG FOLLOWS ==========

20:50:58.0526 2520 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
20:50:58.0947 2520 ============================================================
20:50:58.0947 2520 Current date / time: 2012/01/18 20:50:58.0947
20:50:58.0947 2520 SystemInfo:
20:50:58.0947 2520
20:50:58.0947 2520 OS Version: 6.0.6002 ServicePack: 2.0
20:50:58.0947 2520 Product type: Workstation
20:50:58.0947 2520 ComputerName: STORMY-PC
20:50:58.0947 2520 UserName: Rachel
20:50:58.0947 2520 Windows directory: C:\Windows
20:50:58.0947 2520 System windows directory: C:\Windows
20:50:58.0947 2520 Processor architecture: Intel x86
20:50:58.0947 2520 Number of processors: 2
20:50:58.0947 2520 Page size: 0x1000
20:50:58.0947 2520 Boot type: Normal boot
20:50:58.0947 2520 ============================================================
20:51:00.0008 2520 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:51:00.0117 2520 Initialize success
20:52:04.0202 3828 ============================================================
20:52:04.0202 3828 Scan started
20:52:04.0202 3828 Mode: Manual;
20:52:04.0202 3828 ============================================================
20:52:05.0590 3828 36533901 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\36533901.sys
20:52:05.0590 3828 36533901 - ok
20:52:05.0622 3828 36533902 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\36533902.sys
20:52:05.0622 3828 36533902 - ok
20:52:05.0674 3828 68564901 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\68564901.sys
20:52:05.0678 3828 68564901 - ok
20:52:05.0758 3828 68564902 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\68564902.sys
20:52:05.0760 3828 68564902 - ok
20:52:05.0802 3828 81240691 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\81240691.sys
20:52:05.0805 3828 81240691 - ok
20:52:05.0821 3828 81240692 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\81240692.sys
20:52:05.0823 3828 81240692 - ok
20:52:05.0870 3828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:52:05.0877 3828 ACPI - ok
20:52:05.0963 3828 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:52:05.0963 3828 adp94xx - ok
20:52:06.0072 3828 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:52:06.0072 3828 adpahci - ok
20:52:06.0104 3828 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:52:06.0104 3828 adpu160m - ok
20:52:06.0166 3828 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:52:06.0166 3828 adpu320 - ok
20:52:06.0306 3828 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:52:06.0322 3828 AFD - ok
20:52:06.0369 3828 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
20:52:06.0384 3828 agp440 - ok
20:52:06.0416 3828 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:52:06.0416 3828 aic78xx - ok
20:52:06.0525 3828 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
20:52:06.0540 3828 aliide - ok
20:52:06.0587 3828 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
20:52:06.0587 3828 amdagp - ok
20:52:06.0618 3828 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
20:52:06.0618 3828 amdide - ok
20:52:06.0665 3828 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:52:06.0665 3828 AmdK7 - ok
20:52:06.0774 3828 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:52:06.0774 3828 AmdK8 - ok
20:52:06.0852 3828 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:52:06.0852 3828 arc - ok
20:52:06.0915 3828 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:52:06.0915 3828 arcsas - ok
20:52:07.0071 3828 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:52:07.0071 3828 AsyncMac - ok
20:52:07.0102 3828 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:52:07.0102 3828 atapi - ok
20:52:07.0336 3828 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:52:07.0352 3828 BCM43XX - ok
20:52:07.0508 3828 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:52:07.0539 3828 bcm4sbxp - ok
20:52:07.0601 3828 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:52:07.0601 3828 Beep - ok
20:52:07.0773 3828 blbdrive - ok
20:52:07.0851 3828 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:52:07.0851 3828 bowser - ok
20:52:08.0054 3828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:52:08.0054 3828 BrFiltLo - ok
20:52:08.0085 3828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:52:08.0100 3828 BrFiltUp - ok
20:52:08.0132 3828 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:52:08.0147 3828 Brserid - ok
20:52:08.0225 3828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:52:08.0225 3828 BrSerWdm - ok
20:52:08.0256 3828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:52:08.0256 3828 BrUsbMdm - ok
20:52:08.0319 3828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:52:08.0334 3828 BrUsbSer - ok
20:52:08.0412 3828 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
20:52:08.0428 3828 BthEnum - ok
20:52:08.0475 3828 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
20:52:08.0475 3828 BTHMODEM - ok
20:52:08.0506 3828 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:52:08.0506 3828 BthPan - ok
20:52:08.0631 3828 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
20:52:08.0646 3828 BTHPORT - ok
20:52:08.0709 3828 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
20:52:08.0709 3828 BTHUSB - ok
20:52:08.0771 3828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:52:08.0771 3828 cdfs - ok
20:52:08.0865 3828 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:52:08.0865 3828 cdrom - ok
20:52:08.0912 3828 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:52:08.0912 3828 circlass - ok
20:52:08.0958 3828 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:52:08.0974 3828 CLFS - ok
20:52:09.0036 3828 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:52:09.0036 3828 CmBatt - ok
20:52:09.0130 3828 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
20:52:09.0130 3828 cmdide - ok
20:52:09.0177 3828 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:52:09.0177 3828 Compbatt - ok
20:52:09.0208 3828 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:52:09.0208 3828 crcdisk - ok
20:52:09.0286 3828 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
20:52:09.0302 3828 CSC - ok
20:52:09.0395 3828 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:52:09.0411 3828 DfsC - ok
20:52:09.0489 3828 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:52:09.0489 3828 disk - ok
20:52:09.0614 3828 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:52:09.0614 3828 Dot4 - ok
20:52:09.0676 3828 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:52:09.0676 3828 Dot4Print - ok
20:52:09.0723 3828 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:52:09.0723 3828 dot4usb - ok
20:52:09.0770 3828 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:52:09.0770 3828 drmkaud - ok
20:52:09.0894 3828 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:52:09.0910 3828 DXGKrnl - ok
20:52:09.0941 3828 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
20:52:09.0941 3828 e1express - ok
20:52:10.0004 3828 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:52:10.0004 3828 E1G60 - ok
20:52:10.0113 3828 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:52:10.0113 3828 Ecache - ok
20:52:10.0191 3828 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:52:10.0191 3828 elxstor - ok
20:52:10.0284 3828 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:52:10.0284 3828 exfat - ok
20:52:10.0378 3828 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:52:10.0394 3828 fastfat - ok
20:52:10.0440 3828 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:52:10.0440 3828 fdc - ok
20:52:10.0503 3828 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:52:10.0503 3828 FileInfo - ok
20:52:10.0565 3828 FileMonitor - ok
20:52:10.0674 3828 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:52:10.0674 3828 Filetrace - ok
20:52:10.0737 3828 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:52:10.0737 3828 flpydisk - ok
20:52:10.0784 3828 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:52:10.0784 3828 FltMgr - ok
20:52:10.0908 3828 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:52:10.0908 3828 Fs_Rec - ok
20:52:10.0971 3828 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:52:10.0971 3828 gagp30kx - ok
20:52:11.0033 3828 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:52:11.0033 3828 GEARAspiWDM - ok
20:52:11.0096 3828 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:52:11.0096 3828 HDAudBus - ok
20:52:11.0220 3828 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:52:11.0220 3828 HidBth - ok
20:52:11.0252 3828 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:52:11.0252 3828 HidIr - ok
20:52:11.0314 3828 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:52:11.0314 3828 HidUsb - ok
20:52:11.0345 3828 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:52:11.0345 3828 HpCISSs - ok
20:52:11.0548 3828 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:52:11.0564 3828 HSF_DPV - ok
20:52:11.0595 3828 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:52:11.0595 3828 HSXHWAZL - ok
20:52:11.0720 3828 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:52:11.0735 3828 HTTP - ok
20:52:11.0766 3828 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:52:11.0766 3828 i2omp - ok
20:52:11.0813 3828 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:52:11.0813 3828 i8042prt - ok
20:52:11.0938 3828 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
20:52:11.0938 3828 iaStor - ok
20:52:11.0985 3828 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:52:11.0985 3828 iaStorV - ok
20:52:12.0032 3828 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:52:12.0032 3828 iirsp - ok
20:52:12.0156 3828 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
20:52:12.0156 3828 intelide - ok
20:52:12.0203 3828 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:52:12.0203 3828 intelppm - ok
20:52:12.0266 3828 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:52:12.0266 3828 IpFilterDriver - ok
20:52:12.0406 3828 IpInIp - ok
20:52:12.0437 3828 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:52:12.0484 3828 IPMIDRV - ok
20:52:12.0515 3828 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:52:12.0531 3828 IPNAT - ok
20:52:12.0796 3828 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:52:12.0796 3828 IRENUM - ok
20:52:12.0921 3828 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
20:52:12.0921 3828 isapnp - ok
20:52:12.0983 3828 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:52:12.0983 3828 iScsiPrt - ok
20:52:13.0030 3828 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:52:13.0046 3828 iteatapi - ok
20:52:13.0358 3828 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:52:13.0373 3828 iteraid - ok
20:52:13.0701 3828 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:52:13.0716 3828 kbdclass - ok
20:52:13.0904 3828 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:52:13.0919 3828 kbdhid - ok
20:52:13.0982 3828 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:52:14.0013 3828 KSecDD - ok
20:52:14.0060 3828 Lavasoft Kernexplorer - ok
20:52:14.0231 3828 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:52:14.0262 3828 lltdio - ok
20:52:14.0294 3828 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:52:14.0309 3828 LSI_FC - ok
20:52:14.0450 3828 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:52:14.0450 3828 LSI_SAS - ok
20:52:14.0496 3828 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:52:14.0496 3828 LSI_SCSI - ok
20:52:14.0543 3828 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:52:14.0559 3828 luafv - ok
20:52:14.0855 3828 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:52:14.0855 3828 mdmxsdk - ok
20:52:15.0136 3828 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:52:15.0152 3828 megasas - ok
20:52:15.0308 3828 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:52:15.0308 3828 Modem - ok
20:52:15.0401 3828 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:52:15.0401 3828 monitor - ok
20:52:15.0635 3828 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:52:15.0651 3828 mouclass - ok
20:52:15.0729 3828 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:52:15.0729 3828 mouhid - ok
20:52:15.0869 3828 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:52:15.0885 3828 MountMgr - ok
20:52:15.0963 3828 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:52:15.0994 3828 mpio - ok
20:52:16.0088 3828 MpKsl2b3e3ece - ok
20:52:16.0119 3828 MpKsl70f21305 - ok
20:52:16.0134 3828 MpKsl8008c0b3 - ok
20:52:16.0150 3828 MpKsl8071bedb - ok
20:52:16.0166 3828 MpKsldab4039d - ok
20:52:16.0197 3828 MpKslfb6fcef5 - ok
20:52:16.0431 3828 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:52:16.0446 3828 mpsdrv - ok
20:52:16.0665 3828 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:52:16.0680 3828 Mraid35x - ok
20:52:16.0727 3828 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:52:16.0743 3828 MRxDAV - ok
20:52:16.0930 3828 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:52:16.0930 3828 mrxsmb - ok
20:52:17.0008 3828 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:52:17.0024 3828 mrxsmb10 - ok
20:52:17.0133 3828 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:52:17.0133 3828 mrxsmb20 - ok
20:52:17.0180 3828 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
20:52:17.0195 3828 msahci - ok
20:52:17.0242 3828 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:52:17.0258 3828 msdsm - ok
20:52:17.0429 3828 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:52:17.0445 3828 Msfs - ok
20:52:17.0492 3828 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:52:17.0507 3828 msisadrv - ok
20:52:17.0710 3828 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:52:17.0726 3828 MSKSSRV - ok
20:52:17.0788 3828 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:52:17.0804 3828 MSPCLOCK - ok
20:52:17.0944 3828 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:52:17.0944 3828 MSPQM - ok
20:52:18.0006 3828 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:52:18.0022 3828 MsRPC - ok
20:52:18.0069 3828 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:52:18.0069 3828 mssmbios - ok
20:52:18.0194 3828 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:52:18.0225 3828 MSTEE - ok
20:52:18.0256 3828 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:52:18.0272 3828 Mup - ok
20:52:18.0350 3828 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:52:18.0350 3828 NativeWifiP - ok
20:52:18.0552 3828 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:52:18.0568 3828 NDIS - ok
20:52:18.0786 3828 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:52:18.0802 3828 NdisTapi - ok
20:52:18.0911 3828 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:52:18.0927 3828 Ndisuio - ok
20:52:18.0989 3828 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:52:18.0989 3828 NdisWan - ok
20:52:19.0036 3828 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:52:19.0052 3828 NDProxy - ok
20:52:19.0208 3828 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:52:19.0208 3828 NetBIOS - ok
20:52:19.0254 3828 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:52:19.0254 3828 netbt - ok
20:52:19.0332 3828 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:52:19.0332 3828 nfrd960 - ok
20:52:19.0566 3828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:52:19.0582 3828 Npfs - ok
20:52:19.0722 3828 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:52:19.0754 3828 nsiproxy - ok
20:52:19.0925 3828 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:52:19.0941 3828 Ntfs - ok
20:52:20.0081 3828 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:52:20.0081 3828 ntrigdigi - ok
20:52:20.0128 3828 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:52:20.0128 3828 Null - ok
20:52:20.0814 3828 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:52:21.0158 3828 nvlddmkm - ok
20:52:21.0267 3828 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:52:21.0282 3828 nvraid - ok
20:52:21.0314 3828 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:52:21.0314 3828 nvstor - ok
20:52:21.0376 3828 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
20:52:21.0376 3828 nv_agp - ok
20:52:21.0392 3828 NwlnkFlt - ok
20:52:21.0407 3828 NwlnkFwd - ok
20:52:21.0470 3828 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
20:52:21.0470 3828 OEM02Dev - ok
20:52:21.0579 3828 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
20:52:21.0579 3828 OEM02Vfx - ok
20:52:21.0626 3828 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:52:21.0626 3828 ohci1394 - ok
20:52:21.0688 3828 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:52:21.0688 3828 Parport - ok
20:52:21.0797 3828 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:52:21.0797 3828 partmgr - ok
20:52:21.0828 3828 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:52:21.0828 3828 Parvdm - ok
20:52:21.0860 3828 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:52:21.0875 3828 pci - ok
20:52:21.0906 3828 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:52:21.0922 3828 pciide - ok
20:52:21.0969 3828 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:52:21.0969 3828 pcmcia - ok
20:52:22.0109 3828 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:52:22.0125 3828 PEAUTH - ok
20:52:22.0312 3828 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:52:22.0312 3828 PptpMiniport - ok
20:52:22.0343 3828 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:52:22.0359 3828 Processor - ok
20:52:22.0421 3828 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:52:22.0421 3828 PSched - ok
20:52:22.0546 3828 PSINAflt (18b347125d597751b69ce8c6c03a4ba2) C:\Windows\system32\DRIVERS\PSINAflt.sys
20:52:22.0546 3828 PSINAflt - ok
20:52:22.0593 3828 PSINFile (072a5c1983b85504239c307d41d741be) C:\Windows\system32\DRIVERS\PSINFile.sys
20:52:22.0593 3828 PSINFile - ok
20:52:22.0640 3828 PSINKNC (f778579e0b47f0027cce47da1a64ef88) C:\Windows\system32\DRIVERS\psinknc.sys
20:52:22.0655 3828 PSINKNC - ok
20:52:22.0686 3828 PSINProc (0fb3436762e672800eb1c0578ac379c8) C:\Windows\system32\DRIVERS\PSINProc.sys
20:52:22.0686 3828 PSINProc - ok
20:52:22.0749 3828 PSINProt (7534273ca15900cdd1c3b392dd6b595b) C:\Windows\system32\DRIVERS\PSINProt.sys
20:52:22.0749 3828 PSINProt - ok
20:52:22.0842 3828 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:52:22.0858 3828 ql2300 - ok
20:52:22.0905 3828 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:52:22.0920 3828 ql40xx - ok
20:52:23.0030 3828 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:52:23.0030 3828 QWAVEdrv - ok
20:52:23.0139 3828 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:52:23.0170 3828 R300 - ok
20:52:23.0279 3828 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:52:23.0295 3828 RasAcd - ok
20:52:23.0326 3828 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:23.0342 3828 Rasl2tp - ok
20:52:23.0388 3828 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:23.0388 3828 RasPppoe - ok
20:52:23.0404 3828 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:52:23.0404 3828 RasSstp - ok
20:52:23.0544 3828 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:52:23.0544 3828 rdbss - ok
20:52:23.0591 3828 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:23.0591 3828 RDPCDD - ok
20:52:23.0638 3828 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
20:52:23.0638 3828 rdpdr - ok
20:52:23.0747 3828 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:52:23.0747 3828 RDPENCDD - ok
20:52:23.0794 3828 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:52:23.0794 3828 RDPWD - ok
20:52:23.0888 3828 RegFilter - ok
20:52:24.0012 3828 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
20:52:24.0012 3828 RFCOMM - ok
20:52:24.0059 3828 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:52:24.0059 3828 rimmptsk - ok
20:52:24.0090 3828 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:52:24.0106 3828 rimsptsk - ok
20:52:24.0122 3828 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:52:24.0122 3828 rismxdp - ok
20:52:24.0153 3828 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:52:24.0168 3828 rspndr - ok
20:52:24.0200 3828 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:52:24.0200 3828 sbp2port - ok
20:52:24.0324 3828 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:52:24.0340 3828 sdbus - ok
20:52:24.0387 3828 SDHookDriver - ok
20:52:24.0418 3828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:52:24.0418 3828 secdrv - ok
20:52:24.0543 3828 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:52:24.0543 3828 Serenum - ok
20:52:24.0574 3828 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:52:24.0574 3828 Serial - ok
20:52:24.0621 3828 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:52:24.0636 3828 sermouse - ok
20:52:24.0699 3828 setup_9.0.0.722_08.04.2011_14-41drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\6856490.sys
20:52:24.0699 3828 setup_9.0.0.722_08.04.2011_14-41drv - ok
20:52:24.0870 3828 setup_9.0.0.722_12.04.2011_14-49drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\3653390.sys
20:52:24.0870 3828 setup_9.0.0.722_12.04.2011_14-49drv - ok
20:52:24.0980 3828 setup_9.0.0.722_16.04.2011_16-52drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\8124069.sys
20:52:24.0995 3828 setup_9.0.0.722_16.04.2011_16-52drv - ok
20:52:25.0260 3828 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:52:25.0276 3828 sffdisk - ok
20:52:25.0635 3828 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
20:52:25.0635 3828 sffp_mmc - ok
20:52:25.0931 3828 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:52:25.0947 3828 sffp_sd - ok
20:52:26.0056 3828 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:52:26.0056 3828 sfloppy - ok
20:52:26.0134 3828 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
20:52:26.0134 3828 sisagp - ok
20:52:26.0165 3828 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:52:26.0165 3828 SiSRaid2 - ok
20:52:26.0196 3828 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:52:26.0196 3828 SiSRaid4 - ok
20:52:26.0259 3828 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:52:26.0274 3828 Smb - ok
20:52:26.0555 3828 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:52:26.0571 3828 spldr - ok
20:52:26.0883 3828 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:52:26.0898 3828 srv - ok
20:52:27.0039 3828 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:52:27.0039 3828 srv2 - ok
20:52:27.0070 3828 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:52:27.0086 3828 srvnet - ok
20:52:27.0164 3828 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
20:52:27.0164 3828 STHDA - ok
20:52:27.0476 3828 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:52:27.0476 3828 swenum - ok
20:52:27.0741 3828 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:52:27.0772 3828 Symc8xx - ok
20:52:27.0866 3828 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:52:27.0866 3828 Sym_hi - ok
20:52:27.0897 3828 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:52:27.0897 3828 Sym_u3 - ok
20:52:27.0975 3828 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
20:52:27.0975 3828 SynTP - ok
20:52:28.0068 3828 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
20:52:28.0084 3828 Tcpip - ok
20:52:28.0583 3828 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
20:52:28.0583 3828 Tcpip6 - ok
20:52:28.0911 3828 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
20:52:28.0926 3828 tcpipreg - ok
20:52:29.0036 3828 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:52:29.0051 3828 TDPIPE - ok
20:52:29.0145 3828 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:52:29.0145 3828 TDTCP - ok
20:52:29.0223 3828 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:52:29.0223 3828 tdx - ok
20:52:29.0285 3828 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:52:29.0301 3828 TermDD - ok
20:52:29.0472 3828 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:52:29.0488 3828 tssecsrv - ok
20:52:29.0660 3828 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:52:29.0675 3828 tunmp - ok
20:52:29.0769 3828 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:52:29.0769 3828 tunnel - ok
20:52:29.0831 3828 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:52:29.0847 3828 uagp35 - ok
20:52:29.0878 3828 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:52:29.0894 3828 udfs - ok
20:52:29.0987 3828 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
20:52:30.0003 3828 uliagpkx - ok
20:52:30.0096 3828 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:52:30.0096 3828 uliahci - ok
20:52:30.0159 3828 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:52:30.0159 3828 UlSata - ok
20:52:30.0252 3828 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:52:30.0284 3828 ulsata2 - ok
20:52:30.0362 3828 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:52:30.0362 3828 umbus - ok
20:52:30.0455 3828 UrlFilter - ok
20:52:30.0580 3828 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
20:52:30.0580 3828 USBAAPL - ok
20:52:30.0689 3828 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:52:30.0705 3828 usbaudio - ok
20:52:30.0798 3828 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:52:30.0814 3828 usbccgp - ok
20:52:30.0892 3828 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:52:30.0892 3828 usbcir - ok
20:52:30.0954 3828 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:52:30.0954 3828 usbehci - ok
20:52:31.0064 3828 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:52:31.0079 3828 usbhub - ok
20:52:31.0142 3828 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:52:31.0142 3828 usbohci - ok
20:52:31.0188 3828 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:52:31.0188 3828 usbprint - ok
20:52:31.0282 3828 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:52:31.0282 3828 usbscan - ok
20:52:31.0329 3828 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:52:31.0329 3828 USBSTOR - ok
20:52:31.0407 3828 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:52:31.0407 3828 usbuhci - ok
20:52:31.0547 3828 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:31.0547 3828 vga - ok
20:52:31.0641 3828 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:52:31.0656 3828 VgaSave - ok
20:52:31.0766 3828 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
20:52:31.0766 3828 viaagp - ok
20:52:31.0859 3828 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:52:31.0859 3828 ViaC7 - ok
20:52:32.0062 3828 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
20:52:32.0078 3828 viaide - ok
20:52:32.0218 3828 vmm (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
20:52:32.0249 3828 vmm - ok
20:52:32.0280 3828 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:52:32.0280 3828 volmgr - ok
20:52:32.0561 3828 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:52:32.0577 3828 volmgrx - ok
20:52:32.0858 3828 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:52:32.0858 3828 volsnap - ok
20:52:33.0185 3828 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
20:52:33.0185 3828 VPCNetS2 - ok
20:52:33.0419 3828 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:52:33.0435 3828 vsmraid - ok
20:52:33.0482 3828 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:52:33.0482 3828 WacomPen - ok
20:52:33.0731 3828 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:33.0731 3828 Wanarp - ok
20:52:33.0747 3828 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:33.0762 3828 Wanarpv6 - ok
20:52:33.0856 3828 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:52:33.0872 3828 Wd - ok
20:52:33.0950 3828 WDC_SAM - ok
20:52:34.0043 3828 Wdf01000 (bfc4993b195eb4618acf33f7150f091e) C:\Windows\system32\drivers\Wdf01000.sys
20:52:34.0074 3828 Wdf01000 - ok
20:52:34.0355 3828 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:52:34.0371 3828 winachsf - ok
20:52:34.0558 3828 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
20:52:34.0574 3828 WinUSB - ok
20:52:34.0620 3828 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:52:34.0620 3828 WmiAcpi - ok
20:52:34.0667 3828 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:52:34.0683 3828 WpdUsb - ok
20:52:34.0823 3828 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:52:34.0823 3828 ws2ifsl - ok
20:52:34.0886 3828 WudfPf (492e9b6232af783173c8f0f612982f3b) C:\Windows\system32\drivers\WudfPf.sys
20:52:34.0886 3828 WudfPf - ok
20:52:34.0932 3828 WUDFRd (fbcc03fe3d9d8976931426f7ae2baae6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:34.0932 3828 WUDFRd - ok
20:52:35.0057 3828 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
20:52:35.0057 3828 XAudio - ok
20:52:35.0120 3828 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:52:35.0166 3828 \Device\Harddisk0\DR0 - ok
20:52:35.0182 3828 Boot (0x1200) (d889849018b3a36b60a131df79f395cd) \Device\Harddisk0\DR0\Partition0
20:52:35.0182 3828 \Device\Harddisk0\DR0\Partition0 - ok
20:52:35.0182 3828 Boot (0x1200) (ae6b59cf43a6cedc56d7b528f8c02ede) \Device\Harddisk0\DR0\Partition1
20:52:35.0198 3828 \Device\Harddisk0\DR0\Partition1 - ok
20:52:35.0198 3828 ============================================================
20:52:35.0198 3828 Scan finished
20:52:35.0198 3828 ============================================================
20:52:35.0198 3212 Detected object count: 0
20:52:35.0198 3212 Actual detected object count: 0
20:53:58.0767 1556 Deinitialize success
  • 0
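As an added example (not part of this thread, and not code from TDSSKiller or any of the tools used here), the following Python script parses driver lines of the form shown in the TDSSKiller log above and flags the two patterns a helper looks at first when reading such a log: a driver image whose file name is digits only, and a single MD5 that is registered under more than one distinct image path. The sample lines are excerpted from the log above; the function names and the heuristics are my own.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines excerpted from the TDSSKiller log
# posted above. Driver lines carry "<name> (<md5>) <path>"; the "- ok"
# verdict lines and the MBR/boot-sector lines carry no MD5 in that position
# and are skipped by the parser.
SAMPLE_LOG = r"""
20:52:19.0332 3828 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:52:19.0332 3828 nfrd960 - ok
20:52:20.0814 3828 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:52:24.0699 3828 setup_9.0.0.722_08.04.2011_14-41drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\6856490.sys
20:52:24.0870 3828 setup_9.0.0.722_12.04.2011_14-49drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\3653390.sys
20:52:24.0980 3828 setup_9.0.0.722_16.04.2011_16-52drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\8124069.sys
20:52:28.0068 3828 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
20:52:28.0583 3828 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
20:52:35.0120 3828 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
"""

# One TDSSKiller driver line: timestamp, thread id, service name, (md5), image path.
DRIVER_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)


def parse_tdsskiller(text):
    """Return one dict (time, pid, name, md5, path) per driver line with a hash."""
    records = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def is_digit_named(path):
    """True when the image file name without extension is digits only (e.g. 6856490.sys)."""
    return PureWindowsPath(path).stem.isdigit()


def triage(records):
    """Flag entries worth a manual look, using two heuristics visible in the log:
    a digit-only image name, and one MD5 present under several distinct paths.
    The flags are a triage aid, not a verdict: the same file installed three
    times under generated names may be a leftover installer driver rather
    than malware, so each hit still needs a human decision."""
    paths_by_md5 = defaultdict(set)
    for r in records:
        # Windows paths are case-insensitive, so drivers\tcpip.sys and
        # DRIVERS\tcpip.sys are the same file, not two copies of one hash.
        paths_by_md5[r["md5"]].add(r["path"].lower())

    flagged = []
    for r in records:
        reasons = []
        if is_digit_named(r["path"]):
            reasons.append("digit-only file name")
        n = len(paths_by_md5[r["md5"]])
        if n > 1:
            reasons.append(f"same MD5 under {n} paths")
        if reasons:
            flagged.append({"name": r["name"], "path": r["path"],
                            "md5": r["md5"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(hit["name"], hit["path"], "; ".join(hit["reasons"]))
```

Run against the sample, it reports only the three setup_9.0.0.722 entries (digit-only names, one hash under three paths); Tcpip and Tcpip6 share a hash but resolve to the same file and are not reported. Paste the full log into SAMPLE_LOG to run it over everything TDSSKiller listed.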

#4 RKinner - Malware Expert | Expert | 24,623 posts | MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\DRIVERS\36533902.sys
c:\windows\system32\DRIVERS\68564902.sys
c:\windows\system32\DRIVERS\81240692.sys
c:\windows\system32\DRIVERS\36533901.sys
c:\windows\system32\DRIVERS\68564901.sys
c:\windows\system32\DRIVERS\81240691.sys

Driver::
36533902
68564902
81240692
36533901
68564901
81240691



******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


Run TDSSKiller again, but this time, before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

I need the aswMBR log.

Your original OTL did not include the Extras log.
  • 0

#5 stormcat - Topic Starter | Member | 14 posts
Below are the new ComboFix log and the OTL Extras log.
Once ComboFix finished running my computer restarted. Since Panda Cloud AV is a startup, it booted first. Then my new ComboFix log opened in Notepad.

When I tried to run TDSSKiller I got this message: Illegal operation attempted on a registry key that has been marked for deletion.

I tried changing the name of the app and got this message: The directory name is invalid.
I got the same message for aswMBR. I also got the message for Firefox and Seamonkey when I tried to boot them.

Then I had a popup from Panda Cloud saying "Virus neutralized." I rebooted my computer and was able to boot Firefox just fine.

Here are the logs:

XOXOXOXO COMBOFIX LOG 01-19-2012 XOXOXOXO

ComboFix 12-01-19.02 - Rachel 01/19/2012 19:45:33.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1253 [GMT -6:00]
Running from: c:\users\Rachel\Desktop\CFix.exe
Command switches used :: c:\users\Rachel\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\36533901.sys"
"c:\windows\system32\DRIVERS\36533902.sys"
"c:\windows\system32\DRIVERS\68564901.sys"
"c:\windows\system32\DRIVERS\68564902.sys"
"c:\windows\system32\DRIVERS\81240691.sys"
"c:\windows\system32\DRIVERS\81240692.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_36533901
-------\Legacy_36533902
-------\Legacy_68564901
-------\Legacy_68564902
-------\Legacy_81240691
-------\Legacy_81240692
-------\Service_36533901
-------\Service_36533902
-------\Service_68564901
-------\Service_68564902
-------\Service_81240691
-------\Service_81240692
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 01:53 . 2012-01-20 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-19 15:45 . 2012-01-19 16:00 -------- d-----w- C:\twerp28some
2012-01-19 02:55 . 2012-01-19 02:55 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 07:06 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 07:06 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 07:06 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 07:06 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 07:06 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 07:06 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-18 07:01 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7350BFDF-E14F-483A-8D73-560B582C8F01}\mpengine.dll
2012-01-11 06:08 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 06:08 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 06:08 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:07 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 06:07 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:07 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:07 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-05 03:25 . 2012-01-20 00:22 -------- d-----w- c:\users\Rachel\RealTemp
2011-12-24 23:01 . 2011-12-24 23:01 -------- d-----w- c:\programdata\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 04:02 . 2011-06-22 14:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 02:40 . 2007-10-11 04:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-11 02:40 . 2007-10-11 04:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-10 21:24 . 2011-09-11 02:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37 . 2011-12-14 00:32 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 04:34 . 2011-11-21 04:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-15 20:29 . 2009-10-02 22:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-14 00:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 00:35 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 00:35 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 00:35 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 00:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 00:32 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 00:32 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 00:32 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-29 06:53 . 2011-05-06 13:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-10-26 20:39 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472772605-2542600416-2604280586-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472772605-2542600416-2604280586-500]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: fdch.com\%20info
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\e2zp44ii.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 19:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,05,f2,65,fe,64,80,4d,97,2c,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,05,f2,65,fe,64,80,4d,97,2c,49,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3960)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\STacSV.exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-19 20:01:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 02:01
ComboFix2.txt 2012-01-19 16:00
.
Pre-Run: 63,492,112,384 bytes free
Post-Run: 63,059,439,616 bytes free
.
- - End Of File - - D5B30B62A618B92074AC6045530987E5



XOXOXOXOX OTL EXTRAS LOG XOXOXOXOXOXO

OTL Extras logfile created on: 1/19/2012 1:42:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rachel\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.19% Memory free
4.23 Gb Paging File | 3.25 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 59.16 Gb Free Space | 43.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.37% Space Free | Partition Type: NTFS

Computer Name: STORMY-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1472772605-2542600416-2604280586-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1472772605-2542600416-2604280586-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFB6177-C487-4726-A58F-C2A225A7D4DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{0CD76F65-E96D-4AF3-B27D-394F1DDA5C7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1DC90165-15E8-4A17-9015-8EC79EFB83B6}" = lport=138 | protocol=17 | dir=in | app=system |
"{26FC8347-F8AE-4EF6-BF5B-2F9AC6226E04}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{4515CF56-809E-4B9A-92AF-CB4829EBFFB8}" = lport=445 | protocol=6 | dir=in | app=system |
"{71AF288A-2A23-4FED-8908-070701775A66}" = rport=138 | protocol=17 | dir=out | app=system |
"{8B0824AD-497B-4E3A-A417-8007F793E86A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7DEEAE8-C325-45FA-9A03-DD8AB045B90A}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB3F6899-6BC8-4E85-9E3E-C943E28DA447}" = lport=139 | protocol=6 | dir=in | app=system |
"{E6364D96-D5DC-46B8-B035-2A52FEA36929}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{F79F330F-D752-49E8-9DA9-5F75157416C6}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053E813C-CFE1-45FD-B0C5-D4EC5709EFAB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{27F5826C-EDCC-4BCD-9025-CC80A4433EB6}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3146189A-12D1-4F80-BA3D-CDE204CDEA74}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{32D2378B-8C95-43D5-8E39-BFCA0D0BA32B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{86D74C7A-5789-488D-B887-B926D83A4D6C}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{887F2CFD-BE05-4D96-9CDA-0BD142CE14E2}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{97C21FDB-44F3-46A9-9F85-5B68F162E430}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A524FE92-93AB-4F0E-93C2-777C3386BC35}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8F78805-FCBD-4360-9816-1D572CCC3E2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA8209F1-A585-45CE-83F4-E1BF8126EFB0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA1701D5-A714-40B8-84A8-9B2A18D8CB4B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{D4F25EE4-9740-47E4-B555-8C81B57C7F00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA96B6AC-0658-43B8-98A8-A6F01847EDCA}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{088ADBB5-6F09-4281-ABC0-1AD08782BB3F}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=6 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"TCP Query User{26115009-CC43-4A09-9EF5-3A9BD3F291DA}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{D2BCE9F7-F0BA-4DBE-BB49-DB097DF64A40}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{0C19018E-043E-4970-8750-9538527B6A4C}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{86849FC2-FC9C-4753-AB51-6F3F386C3A3F}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=17 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"UDP Query User{B559C143-4FD3-42BE-8BA1-24694A423D2B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{59E98F3F-48D6-42A9-8250-079671E02B2D}" = StuffIt Expander 2011
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Defraggler" = Defraggler
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Paradise Quest" = Paradise Quest (remove only)
"Plants vs. Zombies" = Plants vs. Zombies (remove only)
"Scribe" = Express Scribe
"SeaMonkey (2.6.1)" = SeaMonkey (2.6.1)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Dell Touchpad
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2011 1:36:37 AM | Computer Name = Rachel-PC | Source = IMFservice | ID = 0
Description =

Error - 6/28/2011 2:17:34 AM | Computer Name = Rachel-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/29/2011 1:25:33 AM | Computer Name = Rachel-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/29/2011 10:09:10 AM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xa94, application start time
0x01cc3663075d4c0f.

Error - 6/30/2011 12:44:20 PM | Computer Name = Rachel-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/30/2011 12:45:29 PM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.102.15.61, time stamp
0x45f8a9d0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x013f4c5f, process id 0x6f8, application start time
0x01cc37451bed8cc4.

Error - 6/30/2011 4:16:04 PM | Computer Name = Rachel-PC | Source = IMFservice | ID = 0
Description =

Error - 6/30/2011 4:16:05 PM | Computer Name = Rachel-PC | Source = IMFservice | ID = 0
Description =

Error - 6/30/2011 4:17:10 PM | Computer Name = Rachel-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.102.15.61, time stamp
0x45f8a9d0, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc015000f, fault offset 0x00075bf8, process id 0x704, application
start time 0x01cc3762ad857854.

Error - 6/30/2011 10:38:31 PM | Computer Name = Rachel-PC | Source = VSS | ID = 8194
Description =

[ Broadcom Wireless LAN Events ]
Error - 4/20/2011 8:15:07 AM | Computer Name = RACHEL-PC | Source = WLAN-Tray | ID = 0
Description = 07:15:07, Wed, Apr 20, 11 Error - Unable to gain access to user store


Error - 5/14/2011 11:29:15 PM | Computer Name = RACHEL-PC | Source = WLAN-Tray | ID = 0
Description = 22:29:15, Sat, May 14, 11 Error - Unable to gain access to user store


Error - 5/30/2011 6:02:42 PM | Computer Name = RACHEL-PC | Source = WLAN-Tray | ID = 0
Description = 17:02:42, Mon, May 30, 11 Error - Unable to gain access to user store


Error - 5/31/2011 2:05:35 AM | Computer Name = RACHEL-PC | Source = WLAN-Tray | ID = 0
Description = 01:05:35, Tue, May 31, 11 Error - Unable to gain access to user store


Error - 5/31/2011 8:38:49 PM | Computer Name = RACHEL-PC | Source = WLAN-Tray | ID = 0
Description = 19:38:49, Tue, May 31, 11 Error - Unable to gain access to user store


Error - 5/31/2011 11:10:46 PM | Computer Name = Rachel-PC | Source = WLAN-Tray | ID = 0
Description = 22:10:46, Tue, May 31, 11 Error - Unable to gain access to user store


Error - 6/2/2011 1:59:34 PM | Computer Name = Rachel-PC | Source = WLAN-Tray | ID = 0
Description = 12:59:34, Thu, Jun 02, 11 Error - Unable to gain access to user store


Error - 6/3/2011 9:22:44 AM | Computer Name = Rachel-PC | Source = WLAN-Tray | ID = 0
Description = 08:22:44, Fri, Jun 03, 11 Error - Unable to gain access to user store


Error - 6/6/2011 9:45:28 AM | Computer Name = RACHEL-PC | Source = WLAN-Tray | ID = 0
Description = 08:45:28, Mon, Jun 06, 11 Error - Unable to gain access to user store


Error - 6/6/2011 9:42:00 PM | Computer Name = Rachel-PC | Source = WLAN-Tray | ID = 0
Description = 20:42:00, Mon, Jun 06, 11 Error - Unable to gain access to user store


[ OSession Events ]
Error - 2/28/2011 2:44:11 PM | Computer Name = Rachel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 206
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/28/2011 2:47:32 PM | Computer Name = Rachel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/18/2012 11:42:40 AM | Computer Name = Stormy-PC | Source = DCOM | ID = 10001
Description =

Error - 1/18/2012 11:42:44 AM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/19/2012 10:59:30 AM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/19/2012 11:15:14 AM | Computer Name = Stormy-PC | Source = DCOM | ID = 10001
Description =

Error - 1/19/2012 11:48:35 AM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/19/2012 11:52:44 AM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/19/2012 11:57:28 AM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/19/2012 12:05:32 PM | Computer Name = Stormy-PC | Source = DCOM | ID = 10001
Description =

Error - 1/19/2012 12:05:43 PM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/19/2012 3:08:19 PM | Computer Name = Stormy-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
#6 RKinner (Malware Expert, MVP, 24,623 posts)

"Illegal operation attempted on a registry key that has been marked for deletion."

Happens sometimes after running Combofix. A reboot fixes it.

Combofix log looks clean now.

You need to update:

Adobe Reader 8.2.6
Adobe Flash Player 10 ActiveX

Old versions of Adobe are dangerous. Adobe Reader should be 10 or better and Flash Player should be 11.

Still waiting on a new TDSSKiller and aswMBR logs.

Does Panda tell you anything about this virus it fixes?
#7 stormcat (Topic Starter, Member, 14 posts)

Attached are TDSSKiller and aswMBR logs. FIX button was enabled at end of aswMBR scan.

XOXOXOX TDSS KILLER LOG XOXOXOXOX

21:21:07.0357 2872 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:21:07.0778 2872 ============================================================
21:21:07.0778 2872 Current date / time: 2012/01/19 21:21:07.0778
21:21:07.0778 2872 SystemInfo:
21:21:07.0778 2872
21:21:07.0778 2872 OS Version: 6.0.6002 ServicePack: 2.0
21:21:07.0778 2872 Product type: Workstation
21:21:07.0778 2872 ComputerName: STORMY-PC
21:21:07.0778 2872 UserName: Rachel
21:21:07.0778 2872 Windows directory: C:\Windows
21:21:07.0778 2872 System windows directory: C:\Windows
21:21:07.0778 2872 Processor architecture: Intel x86
21:21:07.0778 2872 Number of processors: 2
21:21:07.0778 2872 Page size: 0x1000
21:21:07.0778 2872 Boot type: Normal boot
21:21:07.0778 2872 ============================================================
21:21:09.0369 2872 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:21:09.0525 2872 Initialize success
21:21:30.0647 3436 ============================================================
21:21:30.0647 3436 Scan started
21:21:30.0647 3436 Mode: Manual; SigCheck; TDLFS;
21:21:30.0647 3436 ============================================================
21:21:31.0568 3436 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:21:31.0755 3436 ACPI - ok
21:21:32.0005 3436 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:21:32.0051 3436 adp94xx - ok
21:21:32.0301 3436 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:21:32.0332 3436 adpahci - ok
21:21:32.0551 3436 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:21:32.0566 3436 adpu160m - ok
21:21:32.0675 3436 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:21:32.0707 3436 adpu320 - ok
21:21:32.0878 3436 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:21:32.0925 3436 AFD - ok
21:21:33.0003 3436 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:21:33.0034 3436 agp440 - ok
21:21:33.0221 3436 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:21:33.0237 3436 aic78xx - ok
21:21:33.0377 3436 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
21:21:33.0393 3436 aliide - ok
21:21:33.0830 3436 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:21:33.0861 3436 amdagp - ok
21:21:34.0235 3436 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
21:21:34.0251 3436 amdide - ok
21:21:34.0579 3436 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:21:34.0766 3436 AmdK7 - ok
21:21:35.0062 3436 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:21:35.0125 3436 AmdK8 - ok
21:21:35.0343 3436 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:21:35.0359 3436 arc - ok
21:21:35.0702 3436 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:21:35.0717 3436 arcsas - ok
21:21:35.0983 3436 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:21:36.0092 3436 AsyncMac - ok
21:21:36.0341 3436 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:21:36.0357 3436 atapi - ok
21:21:36.0794 3436 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:21:36.0903 3436 BCM43XX - ok
21:21:37.0199 3436 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:21:37.0246 3436 bcm4sbxp - ok
21:21:37.0527 3436 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:21:37.0574 3436 Beep - ok
21:21:37.0730 3436 blbdrive - ok
21:21:37.0855 3436 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:21:37.0886 3436 bowser - ok
21:21:38.0104 3436 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:21:38.0151 3436 BrFiltLo - ok
21:21:38.0182 3436 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:21:38.0229 3436 BrFiltUp - ok
21:21:38.0541 3436 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:21:38.0619 3436 Brserid - ok
21:21:38.0869 3436 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:21:38.0931 3436 BrSerWdm - ok
21:21:39.0212 3436 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:21:39.0290 3436 BrUsbMdm - ok
21:21:39.0602 3436 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:21:39.0680 3436 BrUsbSer - ok
21:21:40.0023 3436 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:21:40.0085 3436 BthEnum - ok
21:21:40.0397 3436 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
21:21:40.0444 3436 BTHMODEM - ok
21:21:40.0616 3436 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:21:40.0678 3436 BthPan - ok
21:21:40.0928 3436 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
21:21:40.0990 3436 BTHPORT - ok
21:21:41.0209 3436 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
21:21:41.0271 3436 BTHUSB - ok
21:21:41.0458 3436 catchme - ok
21:21:41.0786 3436 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:21:41.0833 3436 cdfs - ok
21:21:42.0067 3436 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:21:42.0113 3436 cdrom - ok
21:21:42.0379 3436 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:21:42.0457 3436 circlass - ok
21:21:42.0659 3436 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:21:42.0722 3436 CLFS - ok
21:21:42.0815 3436 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:21:42.0862 3436 CmBatt - ok
21:21:42.0987 3436 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
21:21:43.0003 3436 cmdide - ok
21:21:43.0159 3436 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:21:43.0190 3436 Compbatt - ok
21:21:43.0424 3436 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:21:43.0455 3436 crcdisk - ok
21:21:43.0767 3436 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
21:21:43.0829 3436 CSC - ok
21:21:44.0017 3436 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:21:44.0079 3436 DfsC - ok
21:21:44.0282 3436 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:21:44.0297 3436 disk - ok
21:21:44.0391 3436 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:21:44.0438 3436 Dot4 - ok
21:21:44.0750 3436 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:21:44.0797 3436 Dot4Print - ok
21:21:45.0046 3436 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:21:45.0093 3436 dot4usb - ok
21:21:45.0280 3436 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:21:45.0327 3436 drmkaud - ok
21:21:45.0421 3436 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:21:45.0467 3436 DXGKrnl - ok
21:21:45.0733 3436 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
21:21:45.0795 3436 e1express - ok
21:21:45.0982 3436 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:21:46.0060 3436 E1G60 - ok
21:21:46.0107 3436 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:21:46.0138 3436 Ecache - ok
21:21:46.0435 3436 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:21:46.0466 3436 elxstor - ok
21:21:46.0606 3436 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:21:46.0669 3436 exfat - ok
21:21:46.0731 3436 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:21:46.0762 3436 fastfat - ok
21:21:47.0027 3436 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:21:47.0121 3436 fdc - ok
21:21:47.0261 3436 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:21:47.0308 3436 FileInfo - ok
21:21:47.0402 3436 FileMonitor - ok
21:21:47.0683 3436 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:21:47.0745 3436 Filetrace - ok
21:21:47.0917 3436 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:21:47.0979 3436 flpydisk - ok
21:21:48.0057 3436 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:21:48.0088 3436 FltMgr - ok
21:21:48.0307 3436 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:21:48.0353 3436 Fs_Rec - ok
21:21:48.0400 3436 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:21:48.0431 3436 gagp30kx - ok
21:21:48.0697 3436 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:21:48.0712 3436 GEARAspiWDM - ok
21:21:48.0899 3436 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:21:48.0946 3436 HDAudBus - ok
21:21:49.0040 3436 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:21:49.0102 3436 HidBth - ok
21:21:49.0321 3436 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:21:49.0399 3436 HidIr - ok
21:21:49.0679 3436 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:21:49.0726 3436 HidUsb - ok
21:21:49.0882 3436 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:21:49.0913 3436 HpCISSs - ok
21:21:50.0303 3436 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:21:50.0413 3436 HSF_DPV - ok
21:21:50.0631 3436 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:21:50.0693 3436 HSXHWAZL - ok
21:21:50.0881 3436 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:21:50.0974 3436 HTTP - ok
21:21:51.0115 3436 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:21:51.0130 3436 i2omp - ok
21:21:51.0208 3436 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:21:51.0255 3436 i8042prt - ok
21:21:51.0395 3436 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
21:21:51.0442 3436 iaStor - ok
21:21:51.0489 3436 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:21:51.0520 3436 iaStorV - ok
21:21:51.0661 3436 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:21:51.0676 3436 iirsp - ok
21:21:51.0754 3436 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
21:21:51.0770 3436 intelide - ok
21:21:51.0832 3436 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:21:51.0879 3436 intelppm - ok
21:21:52.0019 3436 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:52.0082 3436 IpFilterDriver - ok
21:21:52.0097 3436 IpInIp - ok
21:21:52.0129 3436 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:21:52.0207 3436 IPMIDRV - ok
21:21:52.0331 3436 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:21:52.0394 3436 IPNAT - ok
21:21:52.0425 3436 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:21:52.0472 3436 IRENUM - ok
21:21:52.0612 3436 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:21:52.0628 3436 isapnp - ok
21:21:52.0675 3436 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:21:52.0706 3436 iScsiPrt - ok
21:21:52.0737 3436 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:21:52.0768 3436 iteatapi - ok
21:21:52.0924 3436 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:21:52.0940 3436 iteraid - ok
21:21:52.0971 3436 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:21:52.0987 3436 kbdclass - ok
21:21:53.0033 3436 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:21:53.0065 3436 kbdhid - ok
21:21:53.0127 3436 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:21:53.0158 3436 KSecDD - ok
21:21:53.0221 3436 Lavasoft Kernexplorer - ok
21:21:53.0377 3436 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:21:53.0408 3436 lltdio - ok
21:21:53.0470 3436 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:21:53.0486 3436 LSI_FC - ok
21:21:53.0517 3436 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:21:53.0533 3436 LSI_SAS - ok
21:21:53.0673 3436 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:21:53.0689 3436 LSI_SCSI - ok
21:21:53.0735 3436 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:21:53.0782 3436 luafv - ok
21:21:53.0876 3436 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:21:53.0891 3436 mdmxsdk - ok
21:21:54.0016 3436 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:21:54.0032 3436 megasas - ok
21:21:54.0079 3436 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:21:54.0125 3436 Modem - ok
21:21:54.0219 3436 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:21:54.0250 3436 monitor - ok
21:21:54.0359 3436 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:21:54.0391 3436 mouclass - ok
21:21:54.0422 3436 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:21:54.0453 3436 mouhid - ok
21:21:54.0500 3436 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:21:54.0531 3436 MountMgr - ok
21:21:54.0609 3436 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:21:54.0640 3436 mpio - ok
21:21:54.0718 3436 MpKsl2b3e3ece - ok
21:21:54.0749 3436 MpKsl70f21305 - ok
21:21:54.0765 3436 MpKsl8008c0b3 - ok
21:21:54.0781 3436 MpKsl8071bedb - ok
21:21:54.0796 3436 MpKsldab4039d - ok
21:21:54.0812 3436 MpKslfb6fcef5 - ok
21:21:54.0952 3436 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:21:54.0999 3436 mpsdrv - ok
21:21:55.0046 3436 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:21:55.0061 3436 Mraid35x - ok
21:21:55.0108 3436 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:21:55.0171 3436 MRxDAV - ok
21:21:55.0280 3436 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:55.0311 3436 mrxsmb - ok
21:21:55.0358 3436 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:55.0389 3436 mrxsmb10 - ok
21:21:55.0405 3436 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:55.0451 3436 mrxsmb20 - ok
21:21:55.0545 3436 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
21:21:55.0576 3436 msahci - ok
21:21:55.0639 3436 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:21:55.0654 3436 msdsm - ok
21:21:55.0717 3436 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:21:55.0763 3436 Msfs - ok
21:21:55.0904 3436 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:21:55.0919 3436 msisadrv - ok
21:21:55.0966 3436 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:21:56.0029 3436 MSKSSRV - ok
21:21:56.0091 3436 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:56.0138 3436 MSPCLOCK - ok
21:21:56.0247 3436 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:21:56.0294 3436 MSPQM - ok
21:21:56.0341 3436 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:21:56.0372 3436 MsRPC - ok
21:21:56.0403 3436 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:21:56.0434 3436 mssmbios - ok
21:21:56.0543 3436 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:21:56.0575 3436 MSTEE - ok
21:21:56.0637 3436 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:21:56.0668 3436 Mup - ok
21:21:56.0824 3436 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:21:56.0871 3436 NativeWifiP - ok
21:21:56.0949 3436 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:21:56.0996 3436 NDIS - ok
21:21:57.0105 3436 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:57.0152 3436 NdisTapi - ok
21:21:57.0199 3436 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:57.0245 3436 Ndisuio - ok
21:21:57.0370 3436 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:57.0417 3436 NdisWan - ok
21:21:57.0464 3436 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:21:57.0495 3436 NDProxy - ok
21:21:57.0667 3436 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:21:57.0698 3436 NetBIOS - ok
21:21:57.0760 3436 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:21:57.0807 3436 netbt - ok
21:21:57.0932 3436 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:21:57.0963 3436 nfrd960 - ok
21:21:58.0010 3436 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:21:58.0072 3436 Npfs - ok
21:21:58.0103 3436 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:21:58.0150 3436 nsiproxy - ok
21:21:58.0306 3436 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:21:58.0369 3436 Ntfs - ok
21:21:58.0400 3436 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:21:58.0478 3436 ntrigdigi - ok
21:21:58.0603 3436 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:21:58.0634 3436 Null - ok
21:21:58.0993 3436 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:21:59.0539 3436 nvlddmkm - ok
21:21:59.0663 3436 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:21:59.0679 3436 nvraid - ok
21:21:59.0726 3436 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:21:59.0741 3436 nvstor - ok
21:21:59.0804 3436 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:21:59.0835 3436 nv_agp - ok
21:21:59.0929 3436 NwlnkFlt - ok
21:21:59.0960 3436 NwlnkFwd - ok
21:22:00.0007 3436 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
21:22:00.0069 3436 OEM02Dev - ok
21:22:00.0100 3436 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
21:22:00.0131 3436 OEM02Vfx - ok
21:22:00.0287 3436 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:22:00.0319 3436 ohci1394 - ok
21:22:00.0397 3436 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:22:00.0459 3436 Parport - ok
21:22:00.0584 3436 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:22:00.0599 3436 partmgr - ok
21:22:00.0631 3436 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:22:00.0693 3436 Parvdm - ok
21:22:00.0724 3436 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:22:00.0740 3436 pci - ok
21:22:00.0818 3436 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:22:00.0833 3436 pciide - ok
21:22:00.0974 3436 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:22:00.0989 3436 pcmcia - ok
21:22:01.0067 3436 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:22:01.0192 3436 PEAUTH - ok
21:22:01.0411 3436 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:22:01.0457 3436 PptpMiniport - ok
21:22:01.0489 3436 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:22:01.0567 3436 Processor - ok
21:22:01.0738 3436 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:22:01.0769 3436 PSched - ok
21:22:01.0832 3436 PSINAflt (18b347125d597751b69ce8c6c03a4ba2) C:\Windows\system32\DRIVERS\PSINAflt.sys
21:22:01.0863 3436 PSINAflt - ok
21:22:01.0894 3436 PSINFile (072a5c1983b85504239c307d41d741be) C:\Windows\system32\DRIVERS\PSINFile.sys
21:22:01.0925 3436 PSINFile - ok
21:22:02.0081 3436 PSINKNC (f778579e0b47f0027cce47da1a64ef88) C:\Windows\system32\DRIVERS\psinknc.sys
21:22:02.0097 3436 PSINKNC - ok
21:22:02.0113 3436 PSINProc (0fb3436762e672800eb1c0578ac379c8) C:\Windows\system32\DRIVERS\PSINProc.sys
21:22:02.0144 3436 PSINProc - ok
21:22:02.0159 3436 PSINProt (7534273ca15900cdd1c3b392dd6b595b) C:\Windows\system32\DRIVERS\PSINProt.sys
21:22:02.0191 3436 PSINProt - ok
21:22:02.0284 3436 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:22:02.0331 3436 ql2300 - ok
21:22:02.0456 3436 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:22:02.0471 3436 ql40xx - ok
21:22:02.0534 3436 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:22:02.0596 3436 QWAVEdrv - ok
21:22:02.0799 3436 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:22:02.0955 3436 R300 - ok
21:22:03.0080 3436 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:22:03.0127 3436 RasAcd - ok
21:22:03.0173 3436 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:22:03.0205 3436 Rasl2tp - ok
21:22:03.0329 3436 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:22:03.0376 3436 RasPppoe - ok
21:22:03.0407 3436 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:22:03.0439 3436 RasSstp - ok
21:22:03.0501 3436 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:22:03.0532 3436 rdbss - ok
21:22:03.0657 3436 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:22:03.0688 3436 RDPCDD - ok
21:22:03.0735 3436 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
21:22:03.0782 3436 rdpdr - ok
21:22:03.0813 3436 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:22:03.0860 3436 RDPENCDD - ok
21:22:03.0969 3436 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:22:04.0031 3436 RDPWD - ok
21:22:04.0125 3436 RegFilter - ok
21:22:04.0250 3436 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:22:04.0281 3436 RFCOMM - ok
21:22:04.0328 3436 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:22:04.0375 3436 rimmptsk - ok
21:22:04.0390 3436 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:22:04.0437 3436 rimsptsk - ok
21:22:04.0546 3436 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:22:04.0577 3436 rismxdp - ok
21:22:04.0624 3436 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:22:04.0671 3436 rspndr - ok
21:22:04.0780 3436 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:22:04.0811 3436 sbp2port - ok
21:22:04.0874 3436 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:22:04.0905 3436 sdbus - ok
21:22:04.0983 3436 SDHookDriver - ok
21:22:05.0092 3436 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:22:05.0155 3436 secdrv - ok
21:22:05.0201 3436 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:22:05.0279 3436 Serenum - ok
21:22:05.0373 3436 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:22:05.0435 3436 Serial - ok
21:22:05.0498 3436 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:22:05.0545 3436 sermouse - ok
21:22:05.0701 3436 setup_9.0.0.722_08.04.2011_14-41drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\6856490.sys
21:22:05.0732 3436 setup_9.0.0.722_08.04.2011_14-41drv - ok
21:22:05.0779 3436 setup_9.0.0.722_12.04.2011_14-49drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\3653390.sys
21:22:05.0810 3436 setup_9.0.0.722_12.04.2011_14-49drv - ok
21:22:05.0966 3436 setup_9.0.0.722_16.04.2011_16-52drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\8124069.sys
21:22:05.0997 3436 setup_9.0.0.722_16.04.2011_16-52drv - ok
21:22:06.0044 3436 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:22:06.0075 3436 sffdisk - ok
21:22:06.0122 3436 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:22:06.0169 3436 sffp_mmc - ok
21:22:06.0293 3436 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:22:06.0325 3436 sffp_sd - ok
21:22:06.0371 3436 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:22:06.0434 3436 sfloppy - ok
21:22:06.0481 3436 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
21:22:06.0496 3436 sisagp - ok
21:22:06.0621 3436 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:22:06.0637 3436 SiSRaid2 - ok
21:22:06.0699 3436 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:22:06.0715 3436 SiSRaid4 - ok
21:22:06.0761 3436 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:22:06.0808 3436 Smb - ok
21:22:06.0933 3436 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:22:06.0964 3436 spldr - ok
21:22:07.0011 3436 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:22:07.0073 3436 srv - ok
21:22:07.0198 3436 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:22:07.0245 3436 srv2 - ok
21:22:07.0292 3436 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:22:07.0307 3436 srvnet - ok
21:22:07.0495 3436 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
21:22:07.0557 3436 STHDA - ok
21:22:07.0588 3436 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:22:07.0619 3436 swenum - ok
21:22:07.0744 3436 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:22:07.0760 3436 Symc8xx - ok
21:22:07.0791 3436 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:22:07.0822 3436 Sym_hi - ok
21:22:07.0838 3436 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:22:07.0869 3436 Sym_u3 - ok
21:22:08.0041 3436 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
21:22:08.0056 3436 SynTP - ok
21:22:08.0150 3436 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:22:08.0212 3436 Tcpip - ok
21:22:08.0321 3436 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:22:08.0368 3436 Tcpip6 - ok
21:22:08.0399 3436 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:22:08.0446 3436 tcpipreg - ok
21:22:08.0493 3436 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:22:08.0555 3436 TDPIPE - ok
21:22:08.0649 3436 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:22:08.0696 3436 TDTCP - ok
21:22:08.0743 3436 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:22:08.0789 3436 tdx - ok
21:22:08.0821 3436 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:22:08.0852 3436 TermDD - ok
21:22:08.0977 3436 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:22:09.0039 3436 tssecsrv - ok
21:22:09.0117 3436 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:22:09.0164 3436 tunmp - ok
21:22:09.0289 3436 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:22:09.0320 3436 tunnel - ok
21:22:09.0367 3436 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:22:09.0398 3436 uagp35 - ok
21:22:09.0429 3436 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:22:09.0476 3436 udfs - ok
21:22:09.0585 3436 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
21:22:09.0616 3436 uliagpkx - ok
21:22:09.0663 3436 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:22:09.0679 3436 uliahci - ok
21:22:09.0757 3436 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:22:09.0772 3436 UlSata - ok
21:22:09.0819 3436 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:22:09.0835 3436 ulsata2 - ok
21:22:09.0944 3436 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:22:09.0991 3436 umbus - ok
21:22:10.0100 3436 UrlFilter - ok
21:22:10.0271 3436 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
21:22:10.0303 3436 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:22:10.0303 3436 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:22:10.0365 3436 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:22:10.0396 3436 usbaudio - ok
21:22:10.0490 3436 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:22:10.0537 3436 usbccgp - ok
21:22:10.0646 3436 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:22:10.0724 3436 usbcir - ok
21:22:10.0771 3436 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:22:10.0833 3436 usbehci - ok
21:22:10.0927 3436 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:22:10.0958 3436 usbhub - ok
21:22:11.0005 3436 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:22:11.0051 3436 usbohci - ok
21:22:11.0129 3436 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:22:11.0176 3436 usbprint - ok
21:22:11.0317 3436 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:22:11.0348 3436 usbscan - ok
21:22:11.0410 3436 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:22:11.0457 3436 USBSTOR - ok
21:22:11.0504 3436 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:22:11.0551 3436 usbuhci - ok
21:22:11.0675 3436 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:22:11.0738 3436 vga - ok
21:22:11.0800 3436 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:22:11.0847 3436 VgaSave - ok
21:22:11.0956 3436 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
21:22:11.0987 3436 viaagp - ok
21:22:12.0034 3436 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:22:12.0112 3436 ViaC7 - ok
21:22:12.0159 3436 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
21:22:12.0190 3436 viaide - ok
21:22:12.0299 3436 vmm (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
21:22:12.0331 3436 vmm - ok
21:22:12.0377 3436 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:22:12.0393 3436 volmgr - ok
21:22:12.0471 3436 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:22:12.0502 3436 volmgrx - ok
21:22:12.0580 3436 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:22:12.0611 3436 volsnap - ok
21:22:12.0705 3436 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
21:22:12.0736 3436 VPCNetS2 - ok
21:22:12.0799 3436 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:22:12.0830 3436 vsmraid - ok
21:22:12.0923 3436 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:22:12.0986 3436 WacomPen - ok
21:22:13.0048 3436 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:22:13.0079 3436 Wanarp - ok
21:22:13.0111 3436 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:22:13.0142 3436 Wanarpv6 - ok
21:22:13.0220 3436 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:22:13.0235 3436 Wd - ok
21:22:13.0329 3436 WDC_SAM - ok
21:22:13.0407 3436 Wdf01000 (bfc4993b195eb4618acf33f7150f091e) C:\Windows\system32\drivers\Wdf01000.sys
21:22:13.0438 3436 Wdf01000 - ok
21:22:13.0532 3436 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:22:13.0610 3436 winachsf - ok
21:22:13.0766 3436 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
21:22:13.0797 3436 WinUSB - ok
21:22:13.0906 3436 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:22:13.0937 3436 WmiAcpi - ok
21:22:14.0047 3436 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:22:14.0093 3436 WpdUsb - ok
21:22:14.0234 3436 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:22:14.0281 3436 ws2ifsl - ok
21:22:14.0374 3436 WudfPf (492e9b6232af783173c8f0f612982f3b) C:\Windows\system32\drivers\WudfPf.sys
21:22:14.0437 3436 WudfPf - ok
21:22:14.0561 3436 WUDFRd (fbcc03fe3d9d8976931426f7ae2baae6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:22:14.0593 3436 WUDFRd - ok
21:22:14.0655 3436 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
21:22:14.0671 3436 XAudio - ok
21:22:14.0764 3436 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:22:14.0889 3436 \Device\Harddisk0\DR0 - ok
21:22:14.0920 3436 Boot (0x1200) (d889849018b3a36b60a131df79f395cd) \Device\Harddisk0\DR0\Partition0
21:22:14.0920 3436 \Device\Harddisk0\DR0\Partition0 - ok
21:22:14.0920 3436 Boot (0x1200) (ae6b59cf43a6cedc56d7b528f8c02ede) \Device\Harddisk0\DR0\Partition1
21:22:14.0920 3436 \Device\Harddisk0\DR0\Partition1 - ok
21:22:14.0920 3436 ============================================================
21:22:14.0920 3436 Scan finished
21:22:14.0920 3436 ============================================================
21:22:14.0936 0752 Detected object count: 1
21:22:14.0936 0752 Actual detected object count: 1
21:39:06.0627 0752 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:06.0627 0752 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip


XOXOXOXOXOX ASWMBR LOG XOXOXOXOXOXOXO

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 21:44:40
-----------------------------
21:44:40.357 OS Version: Windows 6.0.6002 Service Pack 2
21:44:40.357 Number of processors: 2 586 0xF0A
21:44:40.357 ComputerName: STORMY-PC UserName: Rachel
21:45:05.801 Initialize success
21:45:34.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:45:34.974 Disk 0 Vendor: TOSHIBA_MK1637GSX DL040D Size: 152627MB BusType: 3
21:45:35.021 Disk 0 MBR read successfully
21:45:35.021 Disk 0 MBR scan
21:45:35.021 Disk 0 Windows VISTA default MBR code
21:45:35.037 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
21:45:35.037 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
21:45:35.052 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139747 MB offset 21133312
21:45:35.068 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
21:45:35.099 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
21:45:35.115 Disk 0 scanning sectors +312578048
21:45:35.161 Disk 0 scanning C:\Windows\system32\drivers
21:45:42.961 Service scanning
21:45:44.943 Modules scanning
21:45:52.602 Scan finished successfully
21:52:08.718 Disk 0 MBR has been saved successfully to "C:\Users\Rachel\Desktop\MBR.dat"
21:52:08.718 The log file has been saved successfully to "C:\Users\Rachel\Desktop\aswMBR.txt"
  • 0

#8 stormcat (Member, Topic Starter, 14 posts)
When I boot the Flash Player control panel, it says ActiveX version not installed, Plug-in Version is 11.1.102.55, so the notation about the Flash Player is kind of weird.

However, I did use CCleaner to remove the Flash Player 10 ActiveX. I have also upgraded my copy of Adobe Reader.
  • 0

#9 stormcat (Member, Topic Starter, 14 posts)
Oh, and Panda Cloud AV says this is Adware/XPAntivirus2012
  • 0

#10 RKinner (Malware Expert, MVP, 24,623 posts)
ActiveX is only used by Internet Explorer, so you need to open Internet Explorer and go to adobe.com if you want to get the latest version of Flash Player for ActiveX.

No, what I meant: did it give the name of the file that it is detecting?


Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011/02/02 21:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Reg Error: Key error.)
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956

:files
sc config setup_9.0.0.722_16.04.2011_16-52drv start= disabled /c
sc config setup_9.0.0.722_12.04.2011_14-49drv start= disabled /c
sc config setup_9.0.0.722_08.04.2011_14-41drv  start= disabled /c
sc delete setup_9.0.0.722_16.04.2011_16-52drv /c
sc delete setup_9.0.0.722_12.04.2011_14-49drv /c
sc delete setup_9.0.0.722_08.04.2011_14-41drv /c
reg query hklm\software\clients\startmenuinternet /s /c
    
:Commands
[EMPTYTEMP]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Please save the log and post it in your next reply.


Run OTL Quickscan and paste the log.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




attach the file \windows\logs\cbs\junk.txt to your next reply.

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Ron
  • 0
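The services Ron disables and deletes in the fix above are the three setup_9.0.0.722_* drivers from the TDSSKiller log, all carrying the same MD5 under random-looking numeric file names. As an added example that is not part of this thread, the Python below parses TDSSKiller-style log lines (a few copied from the log above) and surfaces exactly that pattern plus any "- warning" lines; the regexes and function names are assumptions about the log format, not TDSSKiller's own API.

```python
"""Triage helper for TDSSKiller-style driver listings (added example).

It parses the "<time> <pid> <service> (<md5>) <path>" lines and reports:
  * one MD5 backing several services under *different* file paths (the
    three setup_9.0.0.722_* entries stored as numeric-named .sys files);
  * drivers whose file name is digits only, e.g. 6856490.sys;
  * "( <verdict> ) - warning" lines such as the USBAAPL unsigned-file hit.
"""
import re
from collections import defaultdict

# Regexes are assumptions about the log format, derived from the lines above.
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
WARN_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+warning$"
)
# A driver file whose base name is digits only is unusual for a vendor driver.
NUMERIC_SYS_RE = re.compile(r"\\\d+\.sys$", re.IGNORECASE)

# Sample lines copied from the TDSSKiller log posted above (constructed subset).
SAMPLE_LOG = r"""
21:22:05.0701 3436 setup_9.0.0.722_08.04.2011_14-41drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\6856490.sys
21:22:05.0732 3436 setup_9.0.0.722_08.04.2011_14-41drv - ok
21:22:05.0779 3436 setup_9.0.0.722_12.04.2011_14-49drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\3653390.sys
21:22:05.0810 3436 setup_9.0.0.722_12.04.2011_14-49drv - ok
21:22:05.0966 3436 setup_9.0.0.722_16.04.2011_16-52drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\8124069.sys
21:22:05.0997 3436 setup_9.0.0.722_16.04.2011_16-52drv - ok
21:22:08.0150 3436 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:22:08.0212 3436 Tcpip - ok
21:22:08.0321 3436 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:22:08.0368 3436 Tcpip6 - ok
21:22:10.0271 3436 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
21:22:10.0303 3436 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:22:10.0303 3436 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:22:14.0764 3436 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
"""


def parse_log(lines):
    """Split log lines into driver entries and warning lines; other lines are ignored."""
    entries, warnings = [], []
    for raw in lines:
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
            continue
        w = WARN_RE.match(line)
        if w:
            warnings.append((w["name"], w["verdict"]))
    return entries, warnings


def shared_hash_groups(entries):
    """MD5s that back more than one distinct file path.

    Two service names pointing at the *same* file (Tcpip/Tcpip6 -> tcpip.sys)
    are normal and are not reported; the same bytes copied into several
    differently named files are what deserves a look.
    """
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e)
    groups = {}
    for md5, group in by_md5.items():
        if len({e["path"].lower() for e in group}) > 1:
            groups[md5] = [e["name"] for e in group]
    return groups


def numeric_driver_files(entries):
    """Service names whose driver file is named with digits only (e.g. 6856490.sys)."""
    return [e["name"] for e in entries if NUMERIC_SYS_RE.search(e["path"])]


def triage(lines):
    entries, warnings = parse_log(lines)
    return {
        "shared_hashes": shared_hash_groups(entries),
        "numeric_files": numeric_driver_files(entries),
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for md5, names in report["shared_hashes"].items():
        print(f"MD5 {md5} backs {len(names)} services: {', '.join(names)}")
    print("numeric driver file names:", report["numeric_files"])
    for name, verdict in report["warnings"]:
        print(f"warning: {name} -> {verdict}")
```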


#11 stormcat (Member, Topic Starter, 14 posts)
Oh, sorry, virus/whatever info is tcode3[1].htm
  • 0

#12 RKinner (Malware Expert, MVP, 24,623 posts)
That's a false positive. Something to do with AOL from what I have read. Panda seems a little slow on catching on.

https://forums.comod...n-t74143.0.html

http://forum.avast.c...ic=52719.0;wap2
  • 0

#13 stormcat (Member, Topic Starter, 14 posts)
Thanks, Ron, I'm hoping to get through your last set of recommendations this morning.
  • 0

#14 stormcat (Member, Topic Starter, 14 posts)
Your last item on the list I could not get to run: quickscan.bitdefender.com. However, there are four interesting files in my Downloads folder. They are:

~$s29.txt (hidden)
AlbumArtSmall.jpg
desktop.ini
Folder.jpg

Both .jpg files appear to be identical. I did not try to investigate any of the four, other than to right-click/properties to copy the names to post here.

Here are the logs:

========== OTL Run Fix Scan Log ==========

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
C:\Program Files\Yahoo!\Shared\npYState.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
C:\Windows\Downloaded Program Files\ImageUploader5.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
ADS C:\ProgramData\TEMP:BC359956 deleted successfully.
========== FILES ==========
< sc config setup_9.0.0.722_16.04.2011_16-52drv start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
< sc config setup_9.0.0.722_12.04.2011_14-49drv start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
< sc config setup_9.0.0.722_08.04.2011_14-41drv start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
< sc delete setup_9.0.0.722_16.04.2011_16-52drv /c >
[SC] DeleteService SUCCESS
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
< sc delete setup_9.0.0.722_12.04.2011_14-49drv /c >
[SC] DeleteService SUCCESS
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
< sc delete setup_9.0.0.722_08.04.2011_14-41drv /c >
[SC] DeleteService SUCCESS
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
< reg query hklm\software\clients\startmenuinternet /s /c >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet
(Default) REG_SZ IEXPLORE.EXE
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE
(Default) REG_SZ Mozilla Firefox
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities
ApplicationDescription REG_SZ Firefox delivers safe, easy web browsing. A familiar user interface, enhanced security features including protection from online identity theft, and integrated search let you get the most out of the web.
ApplicationIcon REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe,0
ApplicationName REG_SZ Firefox
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\FileAssociations
.htm REG_SZ FirefoxHTML
.html REG_SZ FirefoxHTML
.shtml REG_SZ FirefoxHTML
.xht REG_SZ FirefoxHTML
.xhtml REG_SZ FirefoxHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\StartMenu
StartMenuInternet REG_SZ FIREFOX.EXE
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\Capabilities\URLAssociations
ftp REG_SZ FirefoxURL
http REG_SZ FirefoxURL
https REG_SZ FirefoxURL
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\DefaultIcon
(Default) REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe,0
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo
HideIconsCommand REG_SZ "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
ShowIconsCommand REG_SZ "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
ReinstallCommand REG_SZ "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
IconsVisible REG_DWORD 0x0
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command
(Default) REG_SZ firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties
(Default) REG_SZ Firefox &Options
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command
(Default) REG_SZ "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode
(Default) REG_SZ Firefox &Safe Mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command
(Default) REG_SZ firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE
(Default) REG_SZ Internet Explorer
LocalizedString REG_SZ @C:\Program Files\Internet Explorer\iexplore.exe,-702
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\DefaultIcon
(Default) REG_SZ C:\Program Files\Internet Explorer\iexplore.exe,-9
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo
HideIconsCommand REG_SZ "C:\Windows\system32\ie4uinit.exe" -hide
ShowIconsCommand REG_SZ "C:\Windows\system32\ie4uinit.exe" -show
ReinstallCommand REG_SZ "C:\Windows\system32\ie4uinit.exe" -reinstall
IconsVisible REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom
MUIVerb REG_SZ @C:\Windows\System32\ieframe.dll,-39229
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command
(Default) REG_SZ "C:\Program Files\Internet Explorer\iexplore.exe" -extoff
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command
(Default) REG_SZ "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE
(Default) REG_SZ SeaMonkey
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\Capabilities
ApplicationDescription REG_SZ SeaMonkey delivers safe, easy web browsing. A familiar user interface, enhanced security features including protection from online identity theft, and integrated search let you get the most out of the web.
ApplicationIcon REG_SZ C:\Program Files\SeaMonkey\seamonkey.exe,0
ApplicationName REG_SZ SeaMonkey
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\Capabilities\FileAssociations
.htm REG_SZ SeaMonkeyHTML
.html REG_SZ SeaMonkeyHTML
.shtml REG_SZ SeaMonkeyHTML
.xht REG_SZ SeaMonkeyHTML
.xhtml REG_SZ SeaMonkeyHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\Capabilities\StartMenu
StartMenuInternet REG_SZ SEAMONKEY.EXE
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\Capabilities\URLAssociations
ftp REG_SZ SeaMonkeyURL
http REG_SZ SeaMonkeyURL
https REG_SZ SeaMonkeyURL
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\DefaultIcon
(Default) REG_SZ C:\Program Files\SeaMonkey\seamonkey.exe,0
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo
HideIconsCommand REG_SZ "C:\Program Files\SeaMonkey\uninstall\helper.exe" /HideShortcuts
ShowIconsCommand REG_SZ "C:\Program Files\SeaMonkey\uninstall\helper.exe" /ShowShortcuts
ReinstallCommand REG_SZ "C:\Program Files\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal
IconsVisible REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command
(Default) REG_SZ C:\Program Files\SeaMonkey\seamonkey.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties
(Default) REG_SZ SeaMonkey &Options
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command
(Default) REG_SZ "C:\Program Files\SeaMonkey\seamonkey.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode
(Default) REG_SZ SeaMonkey &Safe Mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command
(Default) REG_SZ "C:\Program Files\SeaMonkey\seamonkey.exe" -safe-mode
C:\Users\Rachel\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35040713 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 611 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rachel
->Temp folder emptied: 274025 bytes
->Temporary Internet Files folder emptied: 62870711 bytes
->FireFox cache emptied: 52638231 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1917 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1270 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 144.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01212012_121330

Files\Folders moved on Reboot...
File\Folder C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0000.doc not found!
File\Folder C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{D902ED46-1DE0-40F9-8698-7CA3C74BB6D5}.tmp not found!
File\Folder C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{941D7B79-AE3D-49E2-866B-FE4A748571B4}.tmp not found!
File\Folder C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DB1382E1-0C97-41E0-87B1-2F5167D04ADE}.tmp not found!

Registry entries deleted on Reboot...


========== OTL Quick Scan ==========

OTL logfile created on: 1/21/2012 12:20:08 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rachel\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.06% Memory free
4.23 Gb Paging File | 3.68 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 58.58 Gb Free Space | 42.93% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.37% Space Free | Partition Type: NTFS

Computer Name: STORMY-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 13:41:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/24 23:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HPSLPSVC)
SRV - File not found [On_Demand | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/24 23:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2011/08/01 05:23:23 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 13:57:30 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:07 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:07 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:07 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/11/13 23:32:44 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/10/10 16:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/24 23:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 20:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.4
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 20:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 20:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 12:13:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.6.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/01/16 22:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.6.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2009/02/03 07:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachel\AppData\Roaming\mozilla\Extensions
[2011/12/01 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachel\AppData\Roaming\mozilla\Firefox\Profiles\e2zp44ii.default\extensions
[2011/10/17 08:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachel\AppData\Roaming\mozilla\SeaMonkey\Profiles\ax9fe304.default\extensions
[2011/10/08 09:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 20:40:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\RACHEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E2ZP44II.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\gears.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Rachel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Rachel\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Minimal = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2012/01/19 19:55:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fdch.com ([%20info] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1449DD32-2506-43C0-81CD-7FE99048DF13}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 12:18:23 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Sat Logs
[2012/01/21 12:13:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/21 12:07:58 | 000,061,440 | ---- | C] ( ) -- C:\Users\Rachel\Desktop\VEW.exe
[2012/01/19 22:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/19 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/19 22:07:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/19 20:09:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/19 19:56:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/19 19:43:03 | 000,000,000 | ---D | C] -- C:\CFix
[2012/01/19 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\logs to post
[2012/01/19 19:22:12 | 004,388,721 | R--- | C] (Swearware) -- C:\Users\Rachel\Desktop\CFix.exe
[2012/01/19 13:41:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe
[2012/01/19 10:00:45 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\temp
[2012/01/19 09:46:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 09:46:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 09:46:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 09:45:56 | 000,000,000 | ---D | C] -- C:\twerp28some
[2012/01/19 09:45:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 09:45:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/18 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/14 10:56:05 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\NCH
[2012/01/04 21:25:46 | 000,000,000 | ---D | C] -- C:\Users\Rachel\RealTemp
[2012/01/01 09:56:53 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Pix
[2012/01/01 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Weblinks for Stuff
[2011/12/28 22:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2011/12/24 17:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/01/21 12:17:57 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/21 12:17:57 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/21 12:17:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 12:17:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 12:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/21 12:08:02 | 000,061,440 | ---- | M] ( ) -- C:\Users\Rachel\Desktop\VEW.exe
[2012/01/21 09:51:07 | 000,609,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/21 09:51:07 | 000,105,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/20 12:08:35 | 000,002,609 | ---- | M] () -- C:\Users\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/01/19 19:55:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/19 19:22:22 | 004,388,721 | R--- | M] (Swearware) -- C:\Users\Rachel\Desktop\CFix.exe
[2012/01/19 13:41:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe
[2012/01/19 13:31:28 | 000,013,374 | ---- | M] () -- C:\Users\Rachel\.recently-used.xbel
[2012/01/18 01:10:43 | 000,374,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/19 22:13:20 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/19 13:31:28 | 000,013,374 | ---- | C] () -- C:\Users\Rachel\.recently-used.xbel
[2012/01/19 09:46:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 09:46:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 09:46:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 09:46:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 09:46:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 01:09:08 | 000,374,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/19 12:31:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/12/01 16:59:13 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2011/11/20 20:12:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/11/20 20:12:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/07 21:19:36 | 000,206,995 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/10/22 19:58:07 | 000,023,580 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\UserTile.png
[2011/07/25 11:40:34 | 000,214,016 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\SharedSettings.ccs
[2011/07/11 08:22:07 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/07/11 08:22:03 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/04/23 09:09:56 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2011/04/23 07:55:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/21 13:59:46 | 000,192,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/25 20:57:42 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/17 09:46:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/03/31 18:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/11/17 18:41:45 | 000,000,508 | ---- | C] () -- C:\Windows\WinSig.Ini
[2009/11/17 18:41:45 | 000,000,144 | ---- | C] () -- C:\Windows\Reader.Ini
[2009/11/17 18:41:44 | 000,028,672 | ---- | C] () -- C:\Windows\System32\proxydll.dll
[2009/11/17 18:41:44 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2009/11/17 18:40:42 | 000,002,628 | ---- | C] () -- C:\Windows\WinRos.Ini
[2009/09/18 16:05:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 16:05:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 16:05:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/17 16:24:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/24 12:31:35 | 000,041,478 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\nvModes.001
[2009/01/24 10:12:30 | 000,041,478 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\nvModes.dat
[2009/01/18 18:32:43 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/10/11 06:30:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/10 22:57:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/10 22:57:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2006/11/09 22:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:33:01 | 000,609,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,105,730 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/17 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\acccore
[2011/10/30 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\BlueSprig
[2011/08/23 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\FileZilla
[2012/01/07 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\gtk-2.0
[2010/02/05 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\iLike
[2011/08/19 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\IObit
[2009/03/26 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\MusicNet
[2011/02/28 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\NCH Swift Sound
[2011/12/01 17:00:22 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Panda Security
[2011/10/22 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\PeerNetworking
[2011/01/18 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Uniblue
[2012/01/21 12:16:52 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >





\windows\logs\cbs\junk.txt:

2012-01-21 12:31:17, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:17, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:23, Info CSI 00000009 [SR] Verify complete
2012-01-21 12:31:24, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:24, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:30, Info CSI 0000000d [SR] Verify complete
2012-01-21 12:31:31, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:31, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:33, Info CSI 00000011 [SR] Verify complete
2012-01-21 12:31:33, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:33, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:35, Info CSI 00000015 [SR] Verify complete
2012-01-21 12:31:37, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:37, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:42, Info CSI 00000019 [SR] Verify complete
2012-01-21 12:31:44, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:44, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:45, Info CSI 0000001d [SR] Verify complete
2012-01-21 12:31:46, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:46, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:48, Info CSI 00000021 [SR] Verify complete
2012-01-21 12:31:49, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:49, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:50, Info CSI 00000025 [SR] Verify complete
2012-01-21 12:31:51, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:51, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:53, Info CSI 00000029 [SR] Verify complete
2012-01-21 12:31:53, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:53, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:55, Info CSI 0000002d [SR] Verify complete
2012-01-21 12:31:56, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:56, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-01-21 12:31:57, Info CSI 00000031 [SR] Verify complete
2012-01-21 12:31:58, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:31:58, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:00, Info CSI 00000035 [SR] Verify complete
2012-01-21 12:32:01, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:01, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:02, Info CSI 00000039 [SR] Verify complete
2012-01-21 12:32:03, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:03, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:04, Info CSI 0000003d [SR] Verify complete
2012-01-21 12:32:05, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:05, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:07, Info CSI 00000041 [SR] Verify complete
2012-01-21 12:32:08, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:08, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:09, Info CSI 00000045 [SR] Verify complete
2012-01-21 12:32:10, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:10, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:12, Info CSI 00000049 [SR] Verify complete
2012-01-21 12:32:13, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:13, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:14, Info CSI 0000004d [SR] Verify complete
2012-01-21 12:32:15, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:15, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:16, Info CSI 00000051 [SR] Verify complete
2012-01-21 12:32:17, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:17, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:18, Info CSI 00000055 [SR] Verify complete
2012-01-21 12:32:19, Info CSI 00000056 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:19, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:21, Info CSI 00000059 [SR] Verify complete
2012-01-21 12:32:21, Info CSI 0000005a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:21, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:24, Info CSI 0000005d [SR] Verify complete
2012-01-21 12:32:25, Info CSI 0000005e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:25, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:26, Info CSI 00000061 [SR] Verify complete
2012-01-21 12:32:27, Info CSI 00000062 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:27, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:30, Info CSI 00000065 [SR] Verify complete
2012-01-21 12:32:31, Info CSI 00000066 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:31, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:33, Info CSI 00000069 [SR] Verify complete
2012-01-21 12:32:33, Info CSI 0000006a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:33, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:36, Info CSI 0000006d [SR] Verify complete
2012-01-21 12:32:36, Info CSI 0000006e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:36, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:38, Info CSI 00000071 [SR] Verify complete
2012-01-21 12:32:39, Info CSI 00000072 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:39, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:41, Info CSI 00000075 [SR] Verify complete
2012-01-21 12:32:41, Info CSI 00000076 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:41, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:44, Info CSI 00000079 [SR] Verify complete
2012-01-21 12:32:45, Info CSI 0000007a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:45, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:47, Info CSI 0000007d [SR] Verify complete
2012-01-21 12:32:47, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:47, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:49, Info CSI 00000081 [SR] Verify complete
2012-01-21 12:32:50, Info CSI 00000082 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:50, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:53, Info CSI 00000085 [SR] Verify complete
2012-01-21 12:32:54, Info CSI 00000086 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:32:54, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2012-01-21 12:32:59, Info CSI 00000089 [SR] Verify complete
2012-01-21 12:33:00, Info CSI 0000008a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:00, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:04, Info CSI 0000008d [SR] Verify complete
2012-01-21 12:33:05, Info CSI 0000008e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:05, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:12, Info CSI 00000092 [SR] Verify complete
2012-01-21 12:33:12, Info CSI 00000093 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:12, Info CSI 00000094 [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:16, Info CSI 00000096 [SR] Verify complete
2012-01-21 12:33:17, Info CSI 00000097 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:17, Info CSI 00000098 [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:22, Info CSI 0000009b [SR] Verify complete
2012-01-21 12:33:22, Info CSI 0000009c [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:22, Info CSI 0000009d [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:29, Info CSI 0000009f [SR] Verify complete
2012-01-21 12:33:29, Info CSI 000000a0 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:29, Info CSI 000000a1 [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:39, Info CSI 000000ab [SR] Verify complete
2012-01-21 12:33:39, Info CSI 000000ac [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:39, Info CSI 000000ad [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:45, Info CSI 000000af [SR] Verify complete
2012-01-21 12:33:45, Info CSI 000000b0 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:45, Info CSI 000000b1 [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:51, Info CSI 000000b3 [SR] Verify complete
2012-01-21 12:33:52, Info CSI 000000b4 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:52, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
2012-01-21 12:33:57, Info CSI 000000b7 [SR] Verify complete
2012-01-21 12:33:58, Info CSI 000000b8 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:33:58, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2012-01-21 12:34:03, Info CSI 000000bb [SR] Verify complete
2012-01-21 12:34:04, Info CSI 000000bc [SR] Verifying 100 (0x00000064) components
2012-01-21 12:34:04, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2012-01-21 12:34:13, Info CSI 000000c1 [SR] Verify complete
2012-01-21 12:34:14, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:34:14, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2012-01-21 12:34:27, Info CSI 000000c5 [SR] Verify complete
2012-01-21 12:34:27, Info CSI 000000c6 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:34:27, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2012-01-21 12:34:43, Info CSI 000000c9 [SR] Verify complete
2012-01-21 12:34:44, Info CSI 000000ca [SR] Verifying 100 (0x00000064) components
2012-01-21 12:34:44, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2012-01-21 12:34:56, Info CSI 000000cd [SR] Verify complete
2012-01-21 12:34:56, Info CSI 000000ce [SR] Verifying 100 (0x00000064) components
2012-01-21 12:34:56, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:00, Info CSI 000000d1 [SR] Verify complete
2012-01-21 12:35:00, Info CSI 000000d2 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:00, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:03, Info CSI 000000d5 [SR] Verify complete
2012-01-21 12:35:03, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:03, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:06, Info CSI 000000d9 [SR] Verify complete
2012-01-21 12:35:06, Info CSI 000000da [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:06, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:19, Info CSI 000000f9 [SR] Verify complete
2012-01-21 12:35:19, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:19, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:21, Info CSI 000000fd [SR] Verify complete
2012-01-21 12:35:21, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:21, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:25, Info CSI 00000101 [SR] Verify complete
2012-01-21 12:35:26, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:26, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:30, Info CSI 00000105 [SR] Verify complete
2012-01-21 12:35:31, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:31, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:39, Info CSI 00000109 [SR] Verify complete
2012-01-21 12:35:40, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:40, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:50, Info CSI 0000010e [SR] Verify complete
2012-01-21 12:35:51, Info CSI 0000010f [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:51, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2012-01-21 12:35:54, Info CSI 00000112 [SR] Verify complete
2012-01-21 12:35:54, Info CSI 00000113 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:35:54, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2012-01-21 12:36:02, Info CSI 00000116 [SR] Verify complete
2012-01-21 12:36:03, Info CSI 00000117 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:36:03, Info CSI 00000118 [SR] Beginning Verify and Repair transaction
2012-01-21 12:36:07, Info CSI 0000011a [SR] Verify complete
2012-01-21 12:36:08, Info CSI 0000011b [SR] Verifying 100 (0x00000064) components
2012-01-21 12:36:08, Info CSI 0000011c [SR] Beginning Verify and Repair transaction
2012-01-21 12:36:13, Info CSI 0000011e [SR] Verify complete
2012-01-21 12:36:14, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2012-01-21 12:36:14, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2012-01-21 12:36:25, Info CSI 00000125 [SR] Verify complete
2012-01-21 12:36:25, Info CSI 00000126 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:36:25, Info CSI 00000127 [SR] Beginning Verify and Repair transaction
2012-01-21 12:36:36, Info CSI 00000149 [SR] Verify complete
2012-01-21 12:36:36, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:36:36, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2012-01-21 12:36:47, Info CSI 0000014d [SR] Verify complete
2012-01-21 12:36:48, Info CSI 0000014e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:36:48, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2012-01-21 12:37:17, Info CSI 00000151 [SR] Verify complete
2012-01-21 12:37:18, Info CSI 00000152 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:37:18, Info CSI 00000153 [SR] Beginning Verify and Repair transaction
2012-01-21 12:37:26, Info CSI 00000155 [SR] Verify complete
2012-01-21 12:37:26, Info CSI 00000156 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:37:26, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2012-01-21 12:37:36, Info CSI 00000159 [SR] Verify complete
2012-01-21 12:37:37, Info CSI 0000015a [SR] Verifying 100 (0x00000064) components
2012-01-21 12:37:37, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2012-01-21 12:37:44, Info CSI 0000015d [SR] Verify complete
2012-01-21 12:37:44, Info CSI 0000015e [SR] Verifying 100 (0x00000064) components
2012-01-21 12:37:44, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2012-01-21 12:37:49, Info CSI 00000161 [SR] Verify complete
2012-01-21 12:37:50, Info CSI 00000162 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:37:50, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2012-01-21 12:37:56, Info CSI 00000166 [SR] Verify complete
2012-01-21 12:37:57, Info CSI 00000167 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:37:57, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2012-01-21 12:38:18, Info CSI 0000016a [SR] Verify complete
2012-01-21 12:38:19, Info CSI 0000016b [SR] Verifying 100 (0x00000064) components
2012-01-21 12:38:19, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2012-01-21 12:38:26, Info CSI 0000016e [SR] Verify complete
2012-01-21 12:38:27, Info CSI 0000016f [SR] Verifying 100 (0x00000064) components
2012-01-21 12:38:27, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2012-01-21 12:38:40, Info CSI 00000172 [SR] Verify complete
2012-01-21 12:38:40, Info CSI 00000173 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:38:40, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2012-01-21 12:38:55, Info CSI 00000176 [SR] Verify complete
2012-01-21 12:38:55, Info CSI 00000177 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:38:55, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2012-01-21 12:39:03, Info CSI 0000017a [SR] Verify complete
2012-01-21 12:39:03, Info CSI 0000017b [SR] Verifying 100 (0x00000064) components
2012-01-21 12:39:03, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2012-01-21 12:39:16, Info CSI 0000017e [SR] Verify complete
2012-01-21 12:39:16, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2012-01-21 12:39:16, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2012-01-21 12:39:32, Info CSI 00000183 [SR] Verify complete
2012-01-21 12:39:33, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:39:33, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2012-01-21 12:39:38, Info CSI 00000187 [SR] Verify complete
2012-01-21 12:39:38, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:39:38, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2012-01-21 12:39:45, Info CSI 0000018b [SR] Verify complete
2012-01-21 12:39:45, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2012-01-21 12:39:45, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2012-01-21 12:39:53, Info CSI 0000018f [SR] Verify complete
2012-01-21 12:39:54, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:39:54, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:02, Info CSI 00000196 [SR] Verify complete
2012-01-21 12:40:02, Info CSI 00000197 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:02, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:09, Info CSI 0000019a [SR] Verify complete
2012-01-21 12:40:10, Info CSI 0000019b [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:10, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:22, Info CSI 0000019e [SR] Verify complete
2012-01-21 12:40:23, Info CSI 0000019f [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:23, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:29, Info CSI 000001a2 [SR] Verify complete
2012-01-21 12:40:29, Info CSI 000001a3 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:29, Info CSI 000001a4 [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:31, Info CSI 000001a6 [SR] Verify complete
2012-01-21 12:40:32, Info CSI 000001a7 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:32, Info CSI 000001a8 [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:43, Info CSI 000001aa [SR] Verify complete
2012-01-21 12:40:44, Info CSI 000001ab [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:44, Info CSI 000001ac [SR] Beginning Verify and Repair transaction
2012-01-21 12:40:53, Info CSI 000001ae [SR] Verify complete
2012-01-21 12:40:53, Info CSI 000001af [SR] Verifying 100 (0x00000064) components
2012-01-21 12:40:53, Info CSI 000001b0 [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:00, Info CSI 000001b2 [SR] Verify complete
2012-01-21 12:41:01, Info CSI 000001b3 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:41:01, Info CSI 000001b4 [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:18, Info CSI 000001b6 [SR] Verify complete
2012-01-21 12:41:18, Info CSI 000001b7 [SR] Verifying 100 (0x00000064) components
2012-01-21 12:41:18, Info CSI 000001b8 [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:22, Info CSI 000001ba [SR] Verify complete
2012-01-21 12:41:23, Info CSI 000001bb [SR] Verifying 100 (0x00000064) components
2012-01-21 12:41:23, Info CSI 000001bc [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:29, Info CSI 000001be [SR] Verify complete
2012-01-21 12:41:30, Info CSI 000001bf [SR] Verifying 100 (0x00000064) components
2012-01-21 12:41:30, Info CSI 000001c0 [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:40, Info CSI 000001cb [SR] Verify complete
2012-01-21 12:41:41, Info CSI 000001cc [SR] Verifying 22 (0x00000016) components
2012-01-21 12:41:41, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:42, Info CSI 000001cf [SR] Verify complete
2012-01-21 12:41:42, Info CSI 000001d0 [SR] Repairing 0 components
2012-01-21 12:41:42, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2012-01-21 12:41:42, Info CSI 000001d3 [SR] Repair complete



sigverif did not display any unsigned drivers.




VEW sys log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 21/01/2012 12:48:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/01/2012 6:28:45 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SDHookDriver

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/01/2012 6:28:15 PM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 21/01/2012 6:27:18 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


VEW app log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 21/01/2012 12:49:32 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/01/2012 6:27:17 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1472772605-2542600416-2604280586-1000_Classes:
Process 1808 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1472772605-2542600416-2604280586-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


ESETscan log:

C:\ProgramData\~0\rbia.exe Win32/RegistryBooster application
C:\Users\All Users\~0\rbia.exe Win32/RegistryBooster application
C:\Users\Rachel\Desktop\Stormy\Software\imf-setup.exe a variant of Win32/Toolbar.Widgi application

#15
RKinner

    Malware Expert (MVP, 24,623 posts)
The following boot-start or system-start driver(s) failed to load: SDHookDriver

This is from Spybot S&D. I would uninstall it as it is not working correctly. You can reinstall it if you like.

~$s29.txt - normally just an open text file. Close all programs and if it is still there then delete it.
AlbumArtSmall.jpg - Looks like just a picture. Delete it if you want to.
desktop.ini - normal Windows file. You can delete it if you want; it will come back.
Folder.jpg - Looks like just a picture. Delete it if you want to.

SRV - File not found [On_Demand | Stopped] -- -- (HPSLPSVC)
SRV - File not found [On_Demand | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)


Three dead services from HP. Nothing to worry about.

C:\ProgramData\~0\rbia.exe Win32/RegistryBooster application
C:\Users\All Users\~0\rbia.exe Win32/RegistryBooster application
C:\Users\Rachel\Desktop\Stormy\Software\imf-setup.exe a variant of Win32/Toolbar.Widgi application


Registry Boosters don't really do anything and can damage your system so we do not recommend them. The last one is just an adware toolbar.

Looks pretty clean to me. I think you just have a false positive. If you can find the file that Panda is complaining about you can submit it to http://www.virustotal.com and see what the other a-v companies have to say about it.

Ron