Redirecting virus and proxy settings



#1
FelixMutch (New Member, 5 posts)
My computer is acting very strange. I keep getting redirected to websites that try and sell me stuff. When I go to Google, it takes me to Google.uk.co. And when I go to Google in Firefox, it won't load because of my proxy settings. Below is my OTL log.

I ran MBAM and it found a couple of items, but I am still getting redirected. My symptoms are pretty bad as I cannot navigate the internet.

Thank you very much for your help.

OTL logfile created on: 2/8/2012 8:49:06 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\civ\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 61.09% Memory free
6.24 Gb Paging File | 4.89 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 38.59 Gb Free Space | 12.95% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
Drive G: | 931.41 Gb Total Space | 116.72 Gb Free Space | 12.53% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: civ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 21:09:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\civ\Desktop\OTL.exe
PRC - [2012/01/29 10:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/07 20:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 18:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/14 11:17:10 | 000,615,312 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/05/16 08:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/16 08:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/29 10:55:53 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/19 09:46:31 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/01/07 18:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 18:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 11:17:10 | 000,615,312 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2010/08/15 22:52:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/07 20:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 16:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/02/11 02:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/13 17:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/26 09:45:12 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WMP54Gv41x86.sys -- (rt61x86)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 32 56 25 3A E5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56121

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/08 20:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 13:54:04 | 000,000,000 | ---D | M]

[2012/02/08 20:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\civ\AppData\Roaming\Mozilla\Extensions
[2012/02/08 20:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/31 10:36:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/23 21:52:10 | 000,550,504 | ---- | M] (WholeSecurity,Inc.) -- C:\Program Files\mozilla firefox\plugins\NPNTEE.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/08 20:32:43 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B274DA-A97E-4257-8477-2C6807C94A95}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7E11AAE-4C0A-46ED-ACFF-E49A7FEEC62B}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E871A26C-DF6B-48ED-8711-911231FB818D}: DhcpNameServer = 192.168.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 20:41:16 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Roaming\Mozilla
[2012/02/08 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\civ\Desktop\trojan
[2012/02/06 21:11:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\civ\Desktop\OTL.exe
[2012/02/06 21:09:17 | 000,000,000 | ---D | C] -- C:\Users\civ\Desktop\Virus Removal
[2012/02/06 20:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/02/06 20:41:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/06 20:18:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/06 20:18:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/06 20:18:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/06 20:18:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 20:17:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Local\VirtualStore
[2012/02/06 19:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\C2E82
[2012/02/06 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Roaming\20EC2
[2012/02/06 19:37:49 | 000,000,000 | -HSD | C] -- C:\Users\civ\AppData\Roaming\AV Security Essentials
[2012/02/06 19:37:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\AVNJSE
[2012/01/30 19:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/30 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/30 19:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/30 19:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/30 19:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/23 22:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison
[2012/01/23 22:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2012/01/23 22:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery

========== Files - Modified Within 30 Days ==========

[2012/02/08 20:41:49 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 20:41:49 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 20:41:06 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 20:39:08 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 20:39:08 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 20:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 20:34:31 | 2514,948,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 20:32:43 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/08 19:03:11 | 001,008,141 | ---- | M] () -- C:\Users\civ\Desktop\iExplore.exe
[2012/02/06 23:20:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245107733-2559119671-2056312466-1000UA.job
[2012/02/06 21:09:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\civ\Desktop\OTL.exe
[2012/02/06 20:12:44 | 000,006,586 | ---- | M] () -- C:\Users\civ\Desktop\mbam-log-2012-02-06 (19-59-22) 1st log.rar
[2012/02/06 19:44:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 19:37:53 | 000,001,643 | ---- | M] () -- C:\Users\civ\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012/02/06 15:20:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245107733-2559119671-2056312466-1000Core.job
[2012/01/31 03:17:55 | 003,892,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/30 19:51:01 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/20 13:30:17 | 304,406,707 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/02/08 20:41:06 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/08 20:41:06 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 19:03:11 | 001,008,141 | ---- | C] () -- C:\Users\civ\Desktop\iExplore.exe
[2012/02/06 20:18:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/06 20:18:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/06 20:18:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/06 20:18:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/06 20:18:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/06 20:12:44 | 000,006,586 | ---- | C] () -- C:\Users\civ\Desktop\mbam-log-2012-02-06 (19-59-22) 1st log.rar
[2012/02/06 19:44:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 19:37:53 | 000,001,649 | ---- | C] () -- C:\Users\civ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security Essentials.lnk
[2012/02/06 19:37:53 | 000,001,643 | ---- | C] () -- C:\Users\civ\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012/01/30 19:51:01 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/06 21:34:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/26 18:38:39 | 000,001,502 | -HS- | C] () -- C:\ProgramData\o46m08r2kous668313xtbml47c0l680o07f
[2011/05/11 19:00:41 | 000,013,138 | -HS- | C] () -- C:\ProgramData\t5h3710btkyvc7ysrur63f5pk32e0x8r082s66
[2011/04/29 17:11:13 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2011/04/24 11:07:34 | 000,187,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/04/04 12:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/05 16:55:14 | 000,052,864 | R--- | C] () -- C:\Windows\System32\SetupWizard.exe
[2010/09/28 17:33:51 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/28 17:22:56 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010/08/25 18:33:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/14 23:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/14 23:22:39 | 000,194,438 | ---- | C] () -- C:\Windows\hpoins41.dat
[2010/02/11 00:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,892,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 19:14:55 | 000,001,253 | ---- | C] () -- C:\Windows\hpomdl41.dat
[2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/06/12 10:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI

========== LOP Check ==========

[2012/02/06 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\civ\AppData\Roaming\20EC2
[2012/02/06 19:39:54 | 000,000,000 | -HSD | M] -- C:\Users\civ\AppData\Roaming\AV Security Essentials
[2012/02/06 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\civ\AppData\Roaming\uTorrent
[2011/10/13 18:14:02 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >


#2
RKinner (Malware Expert, MVP, 20,011 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56121
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
[2012/02/06 19:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\C2E82
[2012/02/06 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Roaming\20EC2
[2012/02/06 19:37:49 | 000,000,000 | -HSD | C] -- C:\Users\civ\AppData\Roaming\AV Security Essentials
[2012/02/06 19:37:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\AVNJSE
[2012/02/06 19:37:53 | 000,001,643 | ---- | M] () -- C:\Users\civ\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012/02/06 19:37:53 | 000,001,649 | ---- | C] () -- C:\Users\civ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security Essentials.lnk
[2011/05/26 18:38:39 | 000,001,502 | -HS- | C] () -- C:\ProgramData\o46m08r2kous668313xtbml47c0l680o07f
[2011/05/11 19:00:41 | 000,013,138 | -HS- | C] () -- C:\ProgramData\t5h3710btkyvc7ysrur63f5pk32e0x8r082s66
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A9662AE0

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


ComboFix

Important: it must be saved to your desktop; do not run it from your browser.

Important: disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution: do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error, 'illegal operation attempted on a registry key that has been marked for deletion', just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe (511 KB) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.

Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (allow the Avast engine).
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me. Then click "save log", save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
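The OTL log in post #1 and the entries Ron selects for the fix in post #2 share a few recognisable shapes: a browser proxy that points back at the machine itself, orphaned registry hooks with "No CLSID value found", policy values that hide security prompts or notices, and hidden+system objects under ProgramData or AppData with random-looking names. The script below is an added triage example, not code from this thread, from OTL or from ComboFix. It assumes the OTL line formats visible in the log above; the list of policy values it reports and the sample lines it runs on are constructed by the editor (the values mirror indicators from the post), and the point is to show how a defender would turn those indicators into repeatable checks rather than reading each log by eye.

```python
"""Triage helper for OTL-style log lines (added example; not OTL, ComboFix or forum code)."""
import re
from ipaddress import ip_address

# Constructed sample in the shape of the OTL log above; values mirror indicators from the post.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56121',
    r'IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found',
    r'O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1',
    r'O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)',
    r'[2011/05/26 18:38:39 | 000,001,502 | -HS- | C] () -- C:\ProgramData\o46m08r2kous668313xtbml47c0l680o07f',
    r'[2012/02/06 19:44:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk',
]

# Line shapes taken from the OTL log above (assumption: OTL keeps these shapes stable).
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
POLICY_RE = re.compile(r'^O[67] - .*\\policies\\(?P<key>\w+): (?P<name>\w+) = (?P<value>\S+)')
FILE_RE = re.compile(r'^\[[^|]+\|[^|]+\|\s*(?P<attrs>[^|\s]+)\s*\|\s*[CM]\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$')

# Editor-chosen policy values that reduce what the user sees of the machine's security state.
SUSPECT_POLICIES = {
    ("System", "PromptOnSecureDesktop", "0"): "UAC prompts no longer shown on the secure desktop",
    ("Explorer", "HideSCAHealth", "1"): "Action Center security notification icon hidden",
}


def parse_proxy_hosts(value):
    """Split an IE ProxyServer value into its proxy hosts.

    Accepts both 'host:port' and the per-protocol form 'http=host:port;https=host:port'.
    """
    hosts = []
    for part in value.split(";"):
        if not part:
            continue
        target = part.split("=", 1)[1] if "=" in part else part
        hosts.append(target.rsplit(":", 1)[0].strip("[]"))
    return hosts


def is_loopback(host):
    """True for 'localhost' or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(lines):
    """Return (category, detail) findings that deserve a human look, in log order."""
    findings = []
    for line in lines:
        line = line.strip()
        m = PROXY_RE.search(line)
        if m:
            # A proxy on the machine itself that the user did not install is the classic
            # redirect setup seen in this thread, regardless of whether ProxyEnable is set.
            for host in parse_proxy_hosts(m.group("value")):
                if is_loopback(host):
                    findings.append(("proxy", f"browser proxy points at the local machine ({m.group('value')})"))
            continue
        if "No CLSID value found" in line:
            # Hook or toolbar entry whose COM object is gone: leftover from a removed component.
            findings.append(("orphan", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            why = SUSPECT_POLICIES.get((m.group("key"), m.group("name"), m.group("value")))
            if why:
                findings.append(("policy", f"{m.group('name')} = {m.group('value')}: {why}"))
            continue
        m = FILE_RE.match(line)
        if m and "H" in m.group("attrs") and "S" in m.group("attrs"):
            path = m.group("path")
            if "\\programdata\\" in path.lower() or "\\appdata\\" in path.lower():
                name = path.rsplit("\\", 1)[-1]
                note = " (random-looking name)" if re.fullmatch(r"[a-z0-9]{16,}", name) else ""
                findings.append(("hidden_system", path + note))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category:14} {detail}")
```

Run against a whole OTL log, `triage` gives a short list to review before writing a fix script; it deliberately reports and does not delete, since the decision about a hidden folder or a policy value belongs to the person reading the log, as in the thread.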

#3
FelixMutch (Topic Starter, New Member, 5 posts)
Below are the logs. On completion of the aswMBR.exe scan the "Fix" button was not enabled.

For some reason I cannot see this topic on geekstogo.com. When I click on "My Content" I get this message, "There is no information to show.", or this error: "This is not a problem with IP.Board but rather with your SQL server. Please contact your host and copy the message shown above."

I can see other topics, but not mine. I can click on my topic in the forum now to see it, but I could not do that earlier.

Thank you for your help.

ComboFix 12-02-10.03 - civ 02/10/2012 21:34:06.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3198.2202 [GMT -5:00]
Running from: c:\users\civ\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 02:42 . 2012-02-11 02:42 -------- d-----w- c:\users\civ\AppData\Local\temp
2012-02-11 02:42 . 2012-02-11 02:42 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-02-11 02:42 . 2012-02-11 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 02:26 . 2012-02-11 02:26 -------- d-----w- C:\_OTL
2012-02-11 00:28 . 2012-02-11 00:28 -------- d-----w- c:\users\civ\AppData\Local\Apple
2012-02-07 01:12 . 2012-02-07 01:12 -------- d-----w- c:\users\civ\AppData\Local\VirtualStore
2012-01-31 05:41 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 05:41 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 05:41 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 05:41 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-31 05:41 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 05:41 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 05:41 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 05:41 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 05:41 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 05:41 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 00:50 . 2012-01-31 00:50 -------- d-----w- c:\program files\iPod
2012-01-31 00:50 . 2012-01-31 00:51 -------- d-----w- c:\program files\iTunes
2012-01-31 00:48 . 2012-01-31 00:48 -------- d-----w- c:\program files\Bonjour
2012-01-31 00:45 . 2012-01-31 00:45 -------- d-----w- c:\program files\Apple Software Update
2012-01-29 16:59 . 2012-01-29 16:59 -------- d-----w- c:\users\Mike\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-24 03:35 . 2012-01-24 03:35 -------- d-----w- c:\programdata\Avery
2012-01-24 03:35 . 2012-01-24 03:35 -------- d-----w- c:\program files\Avery Dennison
2012-01-20 16:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-20 16:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-20 16:38 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-20 16:38 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2010-08-15 02:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2010-08-20 00:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:25 . 2011-12-15 22:50 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 15:55 . 2012-02-09 01:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2010-10-14 615312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4245107733-2559119671-2056312466-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 14:38]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4245107733-2559119671-2056312466-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 14:38]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\civ\AppData\Roaming\Mozilla\Firefox\Profiles\uqubjbet.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-10 21:44:38
ComboFix-quarantined-files.txt 2012-02-11 02:44
.
Pre-Run: 40,736,092,160 bytes free
Post-Run: 40,721,600,512 bytes free
.
- - End Of File - - 664F49E70235C4F5E82CF5615CEE0425

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


21:55:39.0833 2476 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:55:40.0067 2476 ============================================================
21:55:40.0067 2476 Current date / time: 2012/02/10 21:55:40.0067
21:55:40.0067 2476 SystemInfo:
21:55:40.0067 2476
21:55:40.0067 2476 OS Version: 6.1.7601 ServicePack: 1.0
21:55:40.0067 2476 Product type: Workstation
21:55:40.0067 2476 ComputerName: MIKE-PC
21:55:40.0067 2476 UserName: civ
21:55:40.0067 2476 Windows directory: C:\Windows
21:55:40.0067 2476 System windows directory: C:\Windows
21:55:40.0067 2476 Processor architecture: Intel x86
21:55:40.0067 2476 Number of processors: 2
21:55:40.0067 2476 Page size: 0x1000
21:55:40.0067 2476 Boot type: Normal boot
21:55:40.0067 2476 ============================================================
21:55:40.0566 2476 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:40.0581 2476 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:40.0628 2476 \Device\Harddisk0\DR0:
21:55:40.0628 2476 MBR used
21:55:40.0628 2476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:55:40.0628 2476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
21:55:40.0628 2476 \Device\Harddisk1\DR1:
21:55:40.0628 2476 MBR used
21:55:40.0628 2476 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:55:40.0628 2476 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:55:40.0675 2476 Initialize success
21:55:40.0675 2476 ============================================================
21:55:56.0400 4536 ============================================================
21:55:56.0400 4536 Scan started
21:55:56.0400 4536 Mode: Manual;
21:55:56.0400 4536 ============================================================
21:55:57.0351 4536 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:55:57.0351 4536 1394ohci - ok
21:55:57.0414 4536 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:55:57.0414 4536 ACPI - ok
21:55:57.0476 4536 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:55:57.0476 4536 AcpiPmi - ok
21:55:57.0523 4536 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:55:57.0523 4536 adp94xx - ok
21:55:57.0570 4536 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:55:57.0570 4536 adpahci - ok
21:55:57.0601 4536 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:55:57.0601 4536 adpu320 - ok
21:55:57.0663 4536 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:55:57.0679 4536 AFD - ok
21:55:57.0726 4536 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:55:57.0726 4536 agp440 - ok
21:55:57.0757 4536 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:55:57.0757 4536 aic78xx - ok
21:55:57.0819 4536 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:55:57.0819 4536 aliide - ok
21:55:57.0882 4536 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:55:57.0882 4536 amdagp - ok
21:55:57.0913 4536 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:55:57.0913 4536 amdide - ok
21:55:57.0929 4536 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:55:57.0929 4536 AmdK8 - ok
21:55:57.0944 4536 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:55:57.0944 4536 AmdPPM - ok
21:55:57.0991 4536 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:55:57.0991 4536 amdsata - ok
21:55:58.0022 4536 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:55:58.0022 4536 amdsbs - ok
21:55:58.0022 4536 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:55:58.0022 4536 amdxata - ok
21:55:58.0085 4536 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:55:58.0100 4536 AppID - ok
21:55:58.0131 4536 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:55:58.0131 4536 arc - ok
21:55:58.0163 4536 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:55:58.0163 4536 arcsas - ok
21:55:58.0194 4536 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:58.0194 4536 AsyncMac - ok
21:55:58.0225 4536 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:55:58.0225 4536 atapi - ok
21:55:58.0365 4536 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:58.0397 4536 atikmdag - ok
21:55:58.0459 4536 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:55:58.0475 4536 b06bdrv - ok
21:55:58.0506 4536 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:55:58.0506 4536 b57nd60x - ok
21:55:58.0521 4536 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:55:58.0521 4536 Beep - ok
21:55:58.0553 4536 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:58.0553 4536 blbdrive - ok
21:55:58.0662 4536 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:55:58.0662 4536 bowser - ok
21:55:58.0677 4536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:55:58.0677 4536 BrFiltLo - ok
21:55:58.0693 4536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:55:58.0693 4536 BrFiltUp - ok
21:55:58.0740 4536 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:55:58.0740 4536 BridgeMP - ok
21:55:58.0771 4536 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:55:58.0771 4536 Brserid - ok
21:55:58.0818 4536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:58.0818 4536 BrSerWdm - ok
21:55:58.0833 4536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:58.0833 4536 BrUsbMdm - ok
21:55:58.0865 4536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:58.0865 4536 BrUsbSer - ok
21:55:58.0896 4536 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:55:58.0896 4536 BTHMODEM - ok
21:55:59.0036 4536 catchme - ok
21:55:59.0067 4536 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:55:59.0067 4536 cdfs - ok
21:55:59.0130 4536 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:55:59.0130 4536 cdrom - ok
21:55:59.0161 4536 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:55:59.0161 4536 circlass - ok
21:55:59.0192 4536 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:55:59.0192 4536 CLFS - ok
21:55:59.0239 4536 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:55:59.0239 4536 CmBatt - ok
21:55:59.0301 4536 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:55:59.0301 4536 cmdide - ok
21:55:59.0348 4536 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:55:59.0348 4536 CNG - ok
21:55:59.0364 4536 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:55:59.0364 4536 Compbatt - ok
21:55:59.0411 4536 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:55:59.0411 4536 CompositeBus - ok
21:55:59.0457 4536 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:55:59.0457 4536 crcdisk - ok
21:55:59.0520 4536 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:55:59.0520 4536 CSC - ok
21:55:59.0567 4536 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:55:59.0567 4536 DfsC - ok
21:55:59.0598 4536 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:55:59.0598 4536 discache - ok
21:55:59.0613 4536 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:55:59.0613 4536 Disk - ok
21:55:59.0676 4536 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:55:59.0676 4536 Dot4 - ok
21:55:59.0723 4536 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
21:55:59.0723 4536 Dot4Print - ok
21:55:59.0754 4536 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:55:59.0754 4536 dot4usb - ok
21:55:59.0785 4536 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:55:59.0785 4536 drmkaud - ok
21:55:59.0863 4536 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:55:59.0863 4536 DXGKrnl - ok
21:55:59.0925 4536 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
21:55:59.0925 4536 e1express - ok
21:56:00.0019 4536 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:56:00.0050 4536 ebdrv - ok
21:56:00.0097 4536 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:56:00.0097 4536 elxstor - ok
21:56:00.0159 4536 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:56:00.0159 4536 ErrDev - ok
21:56:00.0206 4536 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:56:00.0206 4536 exfat - ok
21:56:00.0222 4536 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:56:00.0222 4536 fastfat - ok
21:56:00.0253 4536 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:56:00.0253 4536 fdc - ok
21:56:00.0284 4536 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:56:00.0284 4536 FileInfo - ok
21:56:00.0315 4536 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:56:00.0315 4536 Filetrace - ok
21:56:00.0331 4536 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:56:00.0331 4536 flpydisk - ok
21:56:00.0362 4536 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:56:00.0362 4536 FltMgr - ok
21:56:00.0393 4536 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:56:00.0393 4536 FsDepends - ok
21:56:00.0425 4536 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:56:00.0425 4536 Fs_Rec - ok
21:56:00.0471 4536 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:56:00.0471 4536 fvevol - ok
21:56:00.0487 4536 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:56:00.0487 4536 gagp30kx - ok
21:56:00.0534 4536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:56:00.0534 4536 GEARAspiWDM - ok
21:56:00.0565 4536 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:56:00.0565 4536 hcw85cir - ok
21:56:00.0627 4536 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:56:00.0643 4536 HdAudAddService - ok
21:56:00.0659 4536 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:56:00.0659 4536 HDAudBus - ok
21:56:00.0674 4536 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:56:00.0674 4536 HidBatt - ok
21:56:00.0690 4536 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:56:00.0690 4536 HidBth - ok
21:56:00.0721 4536 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:56:00.0721 4536 HidIr - ok
21:56:00.0768 4536 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:56:00.0768 4536 HidUsb - ok
21:56:00.0815 4536 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:56:00.0815 4536 HpSAMD - ok
21:56:00.0893 4536 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:56:00.0893 4536 HTTP - ok
21:56:00.0939 4536 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:56:00.0939 4536 hwpolicy - ok
21:56:01.0002 4536 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:56:01.0002 4536 i8042prt - ok
21:56:01.0064 4536 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:56:01.0064 4536 iaStorV - ok
21:56:01.0095 4536 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:56:01.0095 4536 iirsp - ok
21:56:01.0111 4536 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:56:01.0111 4536 intelide - ok
21:56:01.0142 4536 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:56:01.0142 4536 intelppm - ok
21:56:01.0158 4536 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:56:01.0158 4536 IpFilterDriver - ok
21:56:01.0205 4536 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:56:01.0205 4536 IPMIDRV - ok
21:56:01.0236 4536 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:56:01.0236 4536 IPNAT - ok
21:56:01.0267 4536 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:56:01.0267 4536 IRENUM - ok
21:56:01.0283 4536 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:56:01.0283 4536 isapnp - ok
21:56:01.0345 4536 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:56:01.0345 4536 iScsiPrt - ok
21:56:01.0376 4536 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:56:01.0376 4536 kbdclass - ok
21:56:01.0392 4536 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:56:01.0392 4536 kbdhid - ok
21:56:01.0439 4536 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:56:01.0439 4536 KSecDD - ok
21:56:01.0485 4536 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:56:01.0485 4536 KSecPkg - ok
21:56:01.0548 4536 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:56:01.0548 4536 lltdio - ok
21:56:01.0595 4536 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:56:01.0595 4536 LSI_FC - ok
21:56:01.0626 4536 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:56:01.0626 4536 LSI_SAS - ok
21:56:01.0657 4536 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:56:01.0657 4536 LSI_SAS2 - ok
21:56:01.0673 4536 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:56:01.0673 4536 LSI_SCSI - ok
21:56:01.0704 4536 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:01.0704 4536 luafv - ok
21:56:01.0719 4536 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:01.0719 4536 megasas - ok
21:56:01.0751 4536 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:01.0751 4536 MegaSR - ok
21:56:01.0797 4536 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:01.0797 4536 Modem - ok
21:56:01.0829 4536 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:01.0829 4536 monitor - ok
21:56:01.0891 4536 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:56:01.0891 4536 mouclass - ok
21:56:01.0922 4536 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:01.0922 4536 mouhid - ok
21:56:01.0985 4536 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:02.0000 4536 mountmgr - ok
21:56:02.0047 4536 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:02.0047 4536 mpio - ok
21:56:02.0078 4536 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:02.0078 4536 mpsdrv - ok
21:56:02.0141 4536 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:02.0141 4536 MRxDAV - ok
21:56:02.0203 4536 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:02.0203 4536 mrxsmb - ok
21:56:02.0265 4536 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:02.0265 4536 mrxsmb10 - ok
21:56:02.0297 4536 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:02.0297 4536 mrxsmb20 - ok
21:56:02.0359 4536 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:02.0359 4536 msahci - ok
21:56:02.0406 4536 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:02.0406 4536 msdsm - ok
21:56:02.0453 4536 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:02.0453 4536 Msfs - ok
21:56:02.0484 4536 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:02.0484 4536 mshidkmdf - ok
21:56:02.0531 4536 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:02.0546 4536 msisadrv - ok
21:56:02.0593 4536 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:02.0593 4536 MSKSSRV - ok
21:56:02.0624 4536 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:02.0624 4536 MSPCLOCK - ok
21:56:02.0624 4536 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:02.0624 4536 MSPQM - ok
21:56:02.0671 4536 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:02.0671 4536 MsRPC - ok
21:56:02.0687 4536 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:02.0687 4536 mssmbios - ok
21:56:02.0718 4536 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:02.0718 4536 MSTEE - ok
21:56:02.0733 4536 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:02.0733 4536 MTConfig - ok
21:56:02.0780 4536 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:02.0780 4536 Mup - ok
21:56:02.0827 4536 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:02.0827 4536 NativeWifiP - ok
21:56:02.0921 4536 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:02.0936 4536 NDIS - ok
21:56:02.0952 4536 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:02.0952 4536 NdisCap - ok
21:56:02.0983 4536 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:02.0983 4536 NdisTapi - ok
21:56:03.0030 4536 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:03.0030 4536 Ndisuio - ok
21:56:03.0092 4536 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:03.0092 4536 NdisWan - ok
21:56:03.0170 4536 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:03.0170 4536 NDProxy - ok
21:56:03.0217 4536 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:03.0217 4536 NetBIOS - ok
21:56:03.0279 4536 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:03.0279 4536 NetBT - ok
21:56:03.0342 4536 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
21:56:03.0357 4536 netr73 - ok
21:56:03.0373 4536 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:03.0373 4536 nfrd960 - ok
21:56:03.0404 4536 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:56:03.0404 4536 Npfs - ok
21:56:03.0420 4536 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:56:03.0420 4536 nsiproxy - ok
21:56:03.0513 4536 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:56:03.0513 4536 Ntfs - ok
21:56:03.0529 4536 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:56:03.0529 4536 Null - ok
21:56:03.0623 4536 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
21:56:03.0623 4536 NVHDA - ok
21:56:03.0888 4536 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:56:03.0950 4536 nvlddmkm - ok
21:56:04.0013 4536 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:56:04.0028 4536 nvraid - ok
21:56:04.0044 4536 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:56:04.0044 4536 nvstor - ok
21:56:04.0059 4536 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:56:04.0059 4536 nv_agp - ok
21:56:04.0106 4536 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:56:04.0106 4536 ohci1394 - ok
21:56:04.0184 4536 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:56:04.0184 4536 Parport - ok
21:56:04.0215 4536 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:56:04.0215 4536 partmgr - ok
21:56:04.0247 4536 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:56:04.0247 4536 Parvdm - ok
21:56:04.0293 4536 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:56:04.0293 4536 pci - ok
21:56:04.0309 4536 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:56:04.0309 4536 pciide - ok
21:56:04.0325 4536 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:56:04.0325 4536 pcmcia - ok
21:56:04.0356 4536 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:56:04.0356 4536 pcw - ok
21:56:04.0403 4536 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:56:04.0403 4536 PEAUTH - ok
21:56:04.0481 4536 pgfilter - ok
21:56:04.0527 4536 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:56:04.0527 4536 PptpMiniport - ok
21:56:04.0559 4536 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:56:04.0559 4536 Processor - ok
21:56:04.0637 4536 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:56:04.0637 4536 Psched - ok
21:56:04.0683 4536 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:56:04.0699 4536 ql2300 - ok
21:56:04.0730 4536 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:56:04.0730 4536 ql40xx - ok
21:56:04.0761 4536 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:56:04.0761 4536 QWAVEdrv - ok
21:56:04.0777 4536 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:56:04.0777 4536 RasAcd - ok
21:56:04.0824 4536 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:56:04.0824 4536 RasAgileVpn - ok
21:56:04.0839 4536 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:56:04.0839 4536 Rasl2tp - ok
21:56:04.0871 4536 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:56:04.0871 4536 RasPppoe - ok
21:56:04.0902 4536 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:56:04.0902 4536 RasSstp - ok
21:56:04.0980 4536 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:56:04.0980 4536 rdbss - ok
21:56:05.0011 4536 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:56:05.0011 4536 rdpbus - ok
21:56:05.0073 4536 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:56:05.0073 4536 RDPCDD - ok
21:56:05.0120 4536 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:56:05.0120 4536 RDPDR - ok
21:56:05.0151 4536 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:56:05.0151 4536 RDPENCDD - ok
21:56:05.0167 4536 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:56:05.0167 4536 RDPREFMP - ok
21:56:05.0229 4536 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:56:05.0229 4536 RDPWD - ok
21:56:05.0307 4536 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:56:05.0307 4536 rdyboost - ok
21:56:05.0370 4536 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:56:05.0385 4536 rspndr - ok
21:56:05.0448 4536 rt61x86 (6de7a483204ca5a57b672dcb25716361) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
21:56:05.0448 4536 rt61x86 - ok
21:56:05.0510 4536 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:56:05.0510 4536 RTL8167 - ok
21:56:05.0573 4536 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:56:05.0573 4536 s3cap - ok
21:56:05.0604 4536 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:56:05.0604 4536 sbp2port - ok
21:56:05.0651 4536 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:56:05.0651 4536 scfilter - ok
21:56:05.0682 4536 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:56:05.0682 4536 secdrv - ok
21:56:05.0713 4536 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:56:05.0713 4536 Serenum - ok
21:56:05.0729 4536 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:56:05.0729 4536 Serial - ok
21:56:05.0775 4536 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:56:05.0775 4536 sermouse - ok
21:56:05.0807 4536 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:56:05.0807 4536 sffdisk - ok
21:56:05.0822 4536 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:56:05.0822 4536 sffp_mmc - ok
21:56:05.0838 4536 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:56:05.0838 4536 sffp_sd - ok
21:56:05.0869 4536 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:56:05.0869 4536 sfloppy - ok
21:56:05.0931 4536 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:56:05.0931 4536 sisagp - ok
21:56:05.0963 4536 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:56:05.0963 4536 SiSRaid2 - ok
21:56:05.0978 4536 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:56:05.0978 4536 SiSRaid4 - ok
21:56:06.0009 4536 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:56:06.0009 4536 Smb - ok
21:56:06.0025 4536 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:56:06.0025 4536 spldr - ok
21:56:06.0103 4536 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:56:06.0103 4536 srv - ok
21:56:06.0150 4536 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:56:06.0165 4536 srv2 - ok
21:56:06.0212 4536 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:56:06.0212 4536 srvnet - ok
21:56:06.0259 4536 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:56:06.0259 4536 stexstor - ok
21:56:06.0337 4536 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:56:06.0337 4536 storflt - ok
21:56:06.0353 4536 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:56:06.0353 4536 storvsc - ok
21:56:06.0399 4536 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:56:06.0399 4536 swenum - ok
21:56:06.0493 4536 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:56:06.0509 4536 Tcpip - ok
21:56:06.0555 4536 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:56:06.0571 4536 TCPIP6 - ok
21:56:06.0618 4536 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:56:06.0618 4536 tcpipreg - ok
21:56:06.0665 4536 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:56:06.0665 4536 TDPIPE - ok
21:56:06.0680 4536 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:56:06.0680 4536 TDTCP - ok
21:56:06.0727 4536 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:56:06.0727 4536 tdx - ok
21:56:06.0789 4536 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:56:06.0789 4536 TermDD - ok
21:56:06.0836 4536 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:56:06.0852 4536 tssecsrv - ok
21:56:06.0914 4536 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:56:06.0914 4536 TsUsbFlt - ok
21:56:06.0977 4536 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:56:06.0977 4536 tunnel - ok
21:56:07.0008 4536 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:56:07.0008 4536 uagp35 - ok
21:56:07.0055 4536 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:56:07.0055 4536 udfs - ok
21:56:07.0117 4536 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:56:07.0117 4536 uliagpkx - ok
21:56:07.0164 4536 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:56:07.0164 4536 umbus - ok
21:56:07.0195 4536 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:56:07.0195 4536 UmPass - ok
21:56:07.0242 4536 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
21:56:07.0257 4536 USBAAPL - ok
21:56:07.0273 4536 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:56:07.0273 4536 usbccgp - ok
21:56:07.0320 4536 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:56:07.0320 4536 usbcir - ok
21:56:07.0382 4536 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:56:07.0382 4536 usbehci - ok
21:56:07.0413 4536 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:56:07.0429 4536 usbhub - ok
21:56:07.0445 4536 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:56:07.0460 4536 usbohci - ok
21:56:07.0491 4536 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:56:07.0491 4536 usbprint - ok
21:56:07.0523 4536 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:56:07.0523 4536 usbscan - ok
21:56:07.0538 4536 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:56:07.0538 4536 USBSTOR - ok
21:56:07.0569 4536 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:56:07.0569 4536 usbuhci - ok
21:56:07.0601 4536 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:56:07.0601 4536 vdrvroot - ok
21:56:07.0616 4536 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:56:07.0616 4536 vga - ok
21:56:07.0632 4536 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:56:07.0632 4536 VgaSave - ok
21:56:07.0679 4536 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:56:07.0679 4536 vhdmp - ok
21:56:07.0710 4536 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:56:07.0710 4536 viaagp - ok
21:56:07.0725 4536 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:56:07.0725 4536 ViaC7 - ok
21:56:07.0741 4536 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:56:07.0741 4536 viaide - ok
21:56:07.0772 4536 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:56:07.0772 4536 vmbus - ok
21:56:07.0788 4536 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:56:07.0788 4536 VMBusHID - ok
21:56:07.0819 4536 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:56:07.0835 4536 volmgr - ok
21:56:07.0850 4536 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:56:07.0850 4536 volmgrx - ok
21:56:07.0866 4536 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:56:07.0866 4536 volsnap - ok
21:56:07.0881 4536 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:56:07.0897 4536 vsmraid - ok
21:56:07.0913 4536 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:56:07.0913 4536 vwifibus - ok
21:56:07.0944 4536 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:56:07.0944 4536 vwififlt - ok
21:56:07.0959 4536 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:56:07.0959 4536 vwifimp - ok
21:56:07.0991 4536 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:56:07.0991 4536 WacomPen - ok
21:56:08.0053 4536 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:56:08.0053 4536 WANARP - ok
21:56:08.0053 4536 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:56:08.0053 4536 Wanarpv6 - ok
21:56:08.0084 4536 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:56:08.0084 4536 Wd - ok
21:56:08.0115 4536 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
21:56:08.0115 4536 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
21:56:08.0115 4536 Wdf01000 - detected Virus.Win32.Rloader.a (0)
21:56:08.0178 4536 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:56:08.0178 4536 WfpLwf - ok
21:56:08.0193 4536 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:56:08.0193 4536 WIMMount - ok
21:56:08.0303 4536 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:56:08.0303 4536 WinUsb - ok
21:56:08.0318 4536 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:56:08.0318 4536 WmiAcpi - ok
21:56:08.0349 4536 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:56:08.0349 4536 ws2ifsl - ok
21:56:08.0427 4536 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:56:08.0427 4536 WudfPf - ok
21:56:08.0459 4536 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:56:08.0459 4536 WUDFRd - ok
21:56:08.0552 4536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:56:08.0599 4536 \Device\Harddisk0\DR0 - ok
21:56:08.0615 4536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:56:09.0083 4536 \Device\Harddisk1\DR1 - ok
21:56:09.0098 4536 Boot (0x1200) (e3e24b2cf52e76f01547abb4ca570f54) \Device\Harddisk0\DR0\Partition0
21:56:09.0098 4536 \Device\Harddisk0\DR0\Partition0 - ok
21:56:09.0114 4536 Boot (0x1200) (48cbe38732dddc04619360d83d020864) \Device\Harddisk0\DR0\Partition1
21:56:09.0114 4536 \Device\Harddisk0\DR0\Partition1 - ok
21:56:09.0114 4536 Boot (0x1200) (e73d811206c24510c9d6162cb9013b46) \Device\Harddisk1\DR1\Partition0
21:56:09.0114 4536 \Device\Harddisk1\DR1\Partition0 - ok
21:56:09.0114 4536 Boot (0x1200) (a0ac0b0da385e2c42781b3f74410ad64) \Device\Harddisk1\DR1\Partition1
21:56:09.0114 4536 \Device\Harddisk1\DR1\Partition1 - ok
21:56:09.0114 4536 ============================================================
21:56:09.0114 4536 Scan finished
21:56:09.0114 4536 ============================================================
21:56:09.0129 4580 Detected object count: 1
21:56:09.0129 4580 Actual detected object count: 1
21:56:15.0900 4580 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
21:56:16.0087 4580 Backup copy not found, trying to cure infected file..
21:56:16.0087 4580 Cure success, using it..
21:56:16.0103 4580 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
21:56:16.0103 4580 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
21:56:18.0786 4864 Deinitialize success

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 22:00:12
-----------------------------
22:00:12.522 OS Version: Windows 6.1.7601 Service Pack 1
22:00:12.522 Number of processors: 2 586 0xF02
22:00:12.522 ComputerName: MIKE-PC UserName: civ
22:00:27.638 Initialize success
22:02:55.777 AVAST engine defs: 12021001
22:03:21.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:03:21.503 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 8
22:03:21.506 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
22:03:21.509 Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
22:03:21.520 Disk 0 MBR read successfully
22:03:21.523 Disk 0 MBR scan
22:03:21.529 Disk 0 Windows 7 default MBR code
22:03:21.541 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:03:21.554 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:03:21.570 Disk 0 scanning sectors +625139712
22:03:21.634 Disk 0 scanning C:\Windows\system32\drivers
22:03:33.325 Service scanning
22:03:36.784 Modules scanning
22:03:54.662 AVAST engine scan C:\Windows
22:04:05.283 AVAST engine scan C:\Windows\system32
22:07:07.889 AVAST engine scan C:\Windows\system32\drivers
22:07:18.840 AVAST engine scan C:\Users\civ
22:08:08.495 AVAST engine scan C:\ProgramData
22:09:11.929 Scan finished successfully
22:14:30.730 Disk 0 MBR has been saved successfully to "C:\Users\civ\Desktop\MBR.dat"
22:14:30.730 The log file has been saved successfully to "C:\Users\civ\Desktop\aswMBR.txt"



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

OTL logfile created on: 2/10/2012 10:15:23 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\civ\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 72.17% Memory free
6.24 Gb Paging File | 5.36 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 37.90 Gb Free Space | 12.72% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
Drive G: | 931.41 Gb Total Space | 116.74 Gb Free Space | 12.53% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: civ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 21:09:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\civ\Desktop\OTL.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/07 20:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 18:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/14 11:17:10 | 000,615,312 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/05/16 08:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/16 08:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 18:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 11:17:10 | 000,615,312 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2010/08/15 22:52:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/07 20:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 16:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/02/11 02:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/13 17:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/26 09:45:12 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WMP54Gv41x86.sys -- (rt61x86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 7E 51 6F 68 E8 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/08 20:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/10 21:30:04 | 000,000,000 | ---D | M]

[2012/02/08 20:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\civ\AppData\Roaming\Mozilla\Extensions
[2012/02/08 20:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/31 10:36:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/23 21:52:10 | 000,550,504 | ---- | M] (WholeSecurity,Inc.) -- C:\Program Files\mozilla firefox\plugins\NPNTEE.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/10 21:42:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B274DA-A97E-4257-8477-2C6807C94A95}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7E11AAE-4C0A-46ED-ACFF-E49A7FEEC62B}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E871A26C-DF6B-48ED-8711-911231FB818D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 21:58:53 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\civ\Desktop\aswMBR.exe
[2012/02/10 21:56:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/10 21:55:01 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\civ\Desktop\tdsskiller.exe
[2012/02/10 21:44:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/10 21:44:39 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Local\temp
[2012/02/10 21:26:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 19:28:51 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Local\Apple
[2012/02/08 20:41:16 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Roaming\Mozilla
[2012/02/08 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\civ\Desktop\trojan
[2012/02/06 21:11:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\civ\Desktop\OTL.exe
[2012/02/06 21:09:17 | 000,000,000 | ---D | C] -- C:\Users\civ\Desktop\Virus Removal
[2012/02/06 20:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/02/06 20:18:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/06 20:18:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/06 20:18:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/06 20:18:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 20:17:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 20:17:20 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\civ\Desktop\ComboFix.exe
[2012/02/06 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\civ\AppData\Local\VirtualStore
[2012/01/31 00:41:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/31 00:41:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/30 19:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/30 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/30 19:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/30 19:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/30 19:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/23 22:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison
[2012/01/23 22:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2012/01/23 22:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
[2012/01/20 11:57:27 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/20 11:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/20 11:38:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

========== Files - Modified Within 30 Days ==========

[2012/02/10 22:14:30 | 000,000,512 | ---- | M] () -- C:\Users\civ\Desktop\MBR.dat
[2012/02/10 22:04:17 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 22:04:17 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 22:02:55 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/10 22:02:55 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/10 21:59:48 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\civ\Desktop\aswMBR.exe
[2012/02/10 21:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 21:56:59 | 2514,948,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 21:55:09 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\civ\Desktop\tdsskiller.exe
[2012/02/10 21:42:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/10 21:30:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/10 21:29:43 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\civ\Desktop\ComboFix.exe
[2012/02/10 21:20:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245107733-2559119671-2056312466-1000UA.job
[2012/02/08 20:41:06 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 19:03:11 | 001,008,141 | ---- | M] () -- C:\Users\civ\Desktop\iExplore.exe
[2012/02/06 21:09:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\civ\Desktop\OTL.exe
[2012/02/06 20:12:44 | 000,006,586 | ---- | M] () -- C:\Users\civ\Desktop\mbam-log-2012-02-06 (19-59-22) 1st log.rar
[2012/02/06 19:44:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 15:20:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245107733-2559119671-2056312466-1000Core.job
[2012/01/31 03:17:55 | 003,892,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/30 19:51:01 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/20 13:30:17 | 304,406,707 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/02/10 22:14:30 | 000,000,512 | ---- | C] () -- C:\Users\civ\Desktop\MBR.dat
[2012/02/10 21:30:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/10 21:30:04 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/08 20:41:06 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/08 20:41:06 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/08 19:03:11 | 001,008,141 | ---- | C] () -- C:\Users\civ\Desktop\iExplore.exe
[2012/02/06 20:18:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/06 20:18:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/06 20:18:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/06 20:18:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/06 20:18:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/06 20:12:44 | 000,006,586 | ---- | C] () -- C:\Users\civ\Desktop\mbam-log-2012-02-06 (19-59-22) 1st log.rar
[2012/02/06 19:44:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 19:51:01 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/06 21:34:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/29 17:11:13 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2011/04/24 11:07:34 | 000,187,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/04/04 12:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/05 16:55:14 | 000,052,864 | R--- | C] () -- C:\Windows\System32\SetupWizard.exe
[2010/09/28 17:33:51 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/28 17:22:56 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010/08/25 18:33:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/14 23:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/14 23:22:39 | 000,194,438 | ---- | C] () -- C:\Windows\hpoins41.dat
[2010/02/11 00:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,892,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 19:14:55 | 000,001,253 | ---- | C] () -- C:\Windows\hpomdl41.dat
[2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/06/12 10:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI

< End of report >

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

OTL Extras logfile created on: 2/10/2012 10:15:23 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\civ\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 72.17% Memory free
6.24 Gb Paging File | 5.36 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 37.90 Gb Free Space | 12.72% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
Drive G: | 931.41 Gb Total Space | 116.74 Gb Free Space | 12.53% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: civ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13]
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Precision" = EVGA Precision 2.0.0
"Steam App 8930" = Sid Meier's Civilization V
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2012 10:04:40 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 908 Start
Time: 01cce07384f2b2c3 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: e1471a2a-4c78-11e1-a262-0019d14cd7b9

Error - 2/1/2012 5:01:35 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 2/2/2012 1:33:00 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 2/4/2012 1:37:20 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program CivilizationV.exe version 1.0.1.511 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1378 Start
Time: 01cce3635522e326 Termination Time: 231 Application Path: C:\Program Files\Steam\steamapps\common\Sid
Meier's Civilization V\CivilizationV.exe Report Id:

Error - 2/6/2012 1:48:38 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 2/6/2012 8:38:24 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 1550.exe, version: 0.0.0.0, time stamp:
0x435de69c Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0033c72c Faulting process id: 0x1190 Faulting application
start time: 0x01cce530c8b4be7c Faulting application path: C:\Program Files\LP\7B92\1550.exe
Faulting
module path: unknown Report Id: 0a7039bc-5124-11e1-9e14-0019d14cd7b9

Error - 2/6/2012 8:49:28 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: acc Start
Time: 01cce53246c9f4b4 Termination Time: 77 Application Path: C:\Program Files\Windows
Media Player\wmplayer.exe Report Id: 93f61256-5125-11e1-9e14-0019d14cd7b9

Error - 2/6/2012 9:12:34 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AV8a9_8044.exe, version: 0.0.0.0, time
stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e2111c0 Exception code: 0x0eedfade Fault offset: 0x0000d36f Faulting
process id: 0xcc8 Faulting application start time: 0x01cce5358e5cf955 Faulting application
path: C:\ProgramData\8a999e\AV8a9_8044.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: d092b195-5128-11e1-b4c5-0019d14cd7b9

Error - 2/6/2012 10:11:25 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 740 Start Time:
01cce53d955d6df8 Termination Time: 0 Application Path: C:\Users\civ\Desktop\Virus
Removal\OTL.exe Report Id: 03247f8b-5131-11e1-b4c5-0019d14cd7b9

Error - 2/10/2012 9:42:59 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ OSession Events ]
Error - 8/24/2011 6:48:44 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 351940
seconds with 240 seconds of active time. This session ended with a crash.

Error - 1/23/2012 11:56:41 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1203
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2011 7:29:35 PM | Computer Name = Mike-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/17/2011 7:29:38 PM | Computer Name = Mike-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 6/19/2011 3:06:50 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007000e: Cumulative Security Update for ActiveX Killbits for Windows
7 (KB2508272).

Error - 6/19/2011 3:09:29 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007000e: Update for Windows 7 (KB2492386).

Error - 6/19/2011 3:09:36 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007000e: Security Update for Windows 7 (KB2503665).

Error - 6/19/2011 3:12:27 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007000e: Security Update for Windows 7 (KB2536275).

Error - 6/19/2011 3:29:15 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 6/19/2011 3:54:38 AM | Computer Name = Mike-PC | Source = BROWSER | ID = 8032
Description =

Error - 7/17/2011 3:35:11 PM | Computer Name = Mike-PC | Source = bowser | ID = 8003
Description =

Error - 7/22/2011 1:47:48 PM | Computer Name = Mike-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:46:02 PM on ?7/?22/?2011 was unexpected.


< End of report >
  • 0

#4
RKinner
    Malware Expert
Forum was down yesterday. I was locked out totally. Working OK today.



Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Java™ 6 Update 26 - Get the latest from java.com
Adobe AIR (You get this foisted on you when you get Adobe Reader and it is broken on your PC)
Adobe Flash Player 10 ActiveX - Get the latest Flash from adobe.com (Use IE)
Adobe Flash Player 10 Plugin - Get the latest Flash from adobe.com (use Firefox)
Adobe Reader 9.5.0 - Get the latest Reader from Adobe.com (Uncheck the McAfee Security Scan before downloading)
µTorrent
Yahoo! Detect


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron
  • 0
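The event-log steps in the post above (clear the System and Application logs, then pull the 20 most recent Error and Warning entries from each) can also be done from an elevated PowerShell prompt with built-in cmdlets. The following is an added example written for this thread; it is not code from the VEW tool or from its author, and it assumes PowerShell on Windows 7 or later run as Administrator. The function name `Get-RecentProblemEvents` is my own; `Get-WinEvent` and `Clear-EventLog` are standard cmdlets.

```powershell
# Added example for this thread; not the VEW tool's own code.
# Assumes an elevated PowerShell prompt on Windows 7 or later.

# Equivalent of the VEW query in the post: the newest $Count events of type
# Error (Level 2) or Warning (Level 3) from the chosen log. The first line of
# each message is kept so the output reads like the VEW report.
function Get-RecentProblemEvents {
    param(
        [string]$LogName = 'System',
        [int]$Count = 20
    )
    # -ErrorAction SilentlyContinue: a freshly cleared log has no matching
    # events, and Get-WinEvent reports that as an error rather than an empty list.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3 } `
                 -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LevelDisplayName, Id, ProviderName,
                      @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Cmdlet equivalent of the Event Viewer "Clear Log" step in the post
# (run this before the reboot, then query the logs afterwards).
function Clear-SystemAndApplicationLogs {
    Clear-EventLog -LogName 'System', 'Application'
}

# Usage after the reboot and the sfc /scannow run: one table per log,
# which is what the post asks to have pasted into the reply.
Get-RecentProblemEvents -LogName 'System'      | Format-Table -AutoSize -Wrap
Get-RecentProblemEvents -LogName 'Application' | Format-Table -AutoSize -Wrap
```

Querying with `Get-WinEvent` has one practical advantage over opening Event Viewer by hand: the same command run before and after the cleanup steps gives two directly comparable lists, so a recurring Error from a driver or service that a malware scanner did not flag is easy to spot.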

#5
FelixMutch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I performed the above tasks. The critical system scan showed "Windows resource protection did not find any integrity violations".

Below are the logs

Thank you

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/02/2012 1:44:32 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2012 5:34:15 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

12:31:10.0969 3412 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
12:31:11.0226 3412 ============================================================
12:31:11.0226 3412 Current date / time: 2012/02/11 12:31:11.0226
12:31:11.0226 3412 SystemInfo:
12:31:11.0226 3412
12:31:11.0227 3412 OS Version: 6.1.7601 ServicePack: 1.0
12:31:11.0227 3412 Product type: Workstation
12:31:11.0227 3412 ComputerName: MIKE-PC
12:31:11.0227 3412 UserName: civ
12:31:11.0227 3412 Windows directory: C:\Windows
12:31:11.0227 3412 System windows directory: C:\Windows
12:31:11.0227 3412 Processor architecture: Intel x86
12:31:11.0227 3412 Number of processors: 2
12:31:11.0227 3412 Page size: 0x1000
12:31:11.0227 3412 Boot type: Normal boot
12:31:11.0227 3412 ============================================================
12:31:12.0153 3412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:12.0154 3412 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:12.0194 3412 \Device\Harddisk0\DR0:
12:31:12.0198 3412 MBR used
12:31:12.0198 3412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:31:12.0198 3412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
12:31:12.0198 3412 \Device\Harddisk1\DR1:
12:31:12.0198 3412 MBR used
12:31:12.0198 3412 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:31:12.0198 3412 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
12:31:12.0743 3412 Initialize success
12:31:12.0743 3412 ============================================================
12:31:50.0182 0312 ============================================================
12:31:50.0182 0312 Scan started
12:31:50.0182 0312 Mode: Manual; SigCheck; TDLFS;
12:31:50.0182 0312 ============================================================
12:31:50.0961 0312 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:31:51.0049 0312 1394ohci - ok
12:31:51.0098 0312 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:31:51.0115 0312 ACPI - ok
12:31:51.0145 0312 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:31:51.0180 0312 AcpiPmi - ok
12:31:51.0240 0312 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:31:51.0261 0312 adp94xx - ok
12:31:51.0286 0312 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:31:51.0303 0312 adpahci - ok
12:31:51.0338 0312 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:31:51.0352 0312 adpu320 - ok
12:31:51.0435 0312 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:31:51.0482 0312 AFD - ok
12:31:51.0533 0312 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:31:51.0545 0312 agp440 - ok
12:31:51.0572 0312 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:31:51.0585 0312 aic78xx - ok
12:31:51.0621 0312 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:31:51.0632 0312 aliide - ok
12:31:51.0650 0312 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:31:51.0662 0312 amdagp - ok
12:31:51.0674 0312 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:31:51.0687 0312 amdide - ok
12:31:51.0704 0312 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:31:51.0745 0312 AmdK8 - ok
12:31:51.0775 0312 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:31:51.0802 0312 AmdPPM - ok
12:31:51.0877 0312 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:31:51.0890 0312 amdsata - ok
12:31:51.0916 0312 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:31:51.0930 0312 amdsbs - ok
12:31:51.0947 0312 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:31:51.0958 0312 amdxata - ok
12:31:52.0015 0312 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:31:52.0052 0312 AppID - ok
12:31:52.0120 0312 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:31:52.0133 0312 arc - ok
12:31:52.0147 0312 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:31:52.0160 0312 arcsas - ok
12:31:52.0184 0312 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:52.0227 0312 AsyncMac - ok
12:31:52.0307 0312 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:31:52.0319 0312 atapi - ok
12:31:52.0481 0312 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
12:31:52.0642 0312 atikmdag - ok
12:31:52.0729 0312 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:31:52.0756 0312 b06bdrv - ok
12:31:52.0806 0312 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:31:52.0823 0312 b57nd60x - ok
12:31:52.0852 0312 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:31:52.0913 0312 Beep - ok
12:31:52.0976 0312 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:31:53.0004 0312 blbdrive - ok
12:31:53.0105 0312 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:31:53.0119 0312 bowser - ok
12:31:53.0149 0312 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:31:53.0210 0312 BrFiltLo - ok
12:31:53.0248 0312 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:31:53.0307 0312 BrFiltUp - ok
12:31:53.0384 0312 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:31:53.0432 0312 BridgeMP - ok
12:31:53.0473 0312 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:31:53.0504 0312 Brserid - ok
12:31:53.0528 0312 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:31:53.0569 0312 BrSerWdm - ok
12:31:53.0598 0312 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:31:53.0624 0312 BrUsbMdm - ok
12:31:53.0639 0312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:31:53.0659 0312 BrUsbSer - ok
12:31:53.0673 0312 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:31:53.0700 0312 BTHMODEM - ok
12:31:53.0870 0312 catchme - ok
12:31:53.0975 0312 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:31:54.0017 0312 cdfs - ok
12:31:54.0095 0312 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:31:54.0120 0312 cdrom - ok
12:31:54.0169 0312 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:31:54.0198 0312 circlass - ok
12:31:54.0246 0312 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:31:54.0262 0312 CLFS - ok
12:31:54.0300 0312 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:31:54.0314 0312 CmBatt - ok
12:31:54.0376 0312 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:31:54.0387 0312 cmdide - ok
12:31:54.0457 0312 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:31:54.0484 0312 CNG - ok
12:31:54.0504 0312 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:31:54.0516 0312 Compbatt - ok
12:31:54.0556 0312 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:31:54.0588 0312 CompositeBus - ok
12:31:54.0612 0312 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:31:54.0624 0312 crcdisk - ok
12:31:54.0688 0312 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:31:54.0718 0312 CSC - ok
12:31:54.0779 0312 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:31:54.0807 0312 DfsC - ok
12:31:54.0844 0312 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:31:54.0887 0312 discache - ok
12:31:54.0909 0312 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:31:54.0921 0312 Disk - ok
12:31:54.0974 0312 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
12:31:55.0001 0312 Dot4 - ok
12:31:55.0070 0312 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
12:31:55.0107 0312 Dot4Print - ok
12:31:55.0148 0312 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
12:31:55.0181 0312 dot4usb - ok
12:31:55.0236 0312 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:31:55.0263 0312 drmkaud - ok
12:31:55.0328 0312 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:31:55.0352 0312 DXGKrnl - ok
12:31:55.0389 0312 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
12:31:55.0430 0312 e1express - ok
12:31:55.0532 0312 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:31:55.0644 0312 ebdrv - ok
12:31:55.0691 0312 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:31:55.0712 0312 elxstor - ok
12:31:55.0759 0312 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:31:55.0784 0312 ErrDev - ok
12:31:55.0836 0312 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:31:55.0868 0312 exfat - ok
12:31:55.0908 0312 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:31:55.0940 0312 fastfat - ok
12:31:55.0985 0312 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:31:56.0009 0312 fdc - ok
12:31:56.0029 0312 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:31:56.0041 0312 FileInfo - ok
12:31:56.0057 0312 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:31:56.0109 0312 Filetrace - ok
12:31:56.0138 0312 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:31:56.0172 0312 flpydisk - ok
12:31:56.0202 0312 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:31:56.0217 0312 FltMgr - ok
12:31:56.0242 0312 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:31:56.0255 0312 FsDepends - ok
12:31:56.0275 0312 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:56.0286 0312 Fs_Rec - ok
12:31:56.0360 0312 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:31:56.0378 0312 fvevol - ok
12:31:56.0411 0312 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:31:56.0424 0312 gagp30kx - ok
12:31:56.0469 0312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:31:56.0476 0312 GEARAspiWDM - ok
12:31:56.0513 0312 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:31:56.0538 0312 hcw85cir - ok
12:31:56.0607 0312 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:31:56.0641 0312 HdAudAddService - ok
12:31:56.0657 0312 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:31:56.0686 0312 HDAudBus - ok
12:31:56.0706 0312 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:31:56.0732 0312 HidBatt - ok
12:31:56.0759 0312 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:31:56.0789 0312 HidBth - ok
12:31:56.0816 0312 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:31:56.0855 0312 HidIr - ok
12:31:56.0936 0312 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:56.0962 0312 HidUsb - ok
12:31:57.0016 0312 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:31:57.0029 0312 HpSAMD - ok
12:31:57.0139 0312 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:31:57.0193 0312 HTTP - ok
12:31:57.0237 0312 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:31:57.0249 0312 hwpolicy - ok
12:31:57.0322 0312 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:31:57.0358 0312 i8042prt - ok
12:31:57.0393 0312 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:31:57.0409 0312 iaStorV - ok
12:31:57.0444 0312 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:31:57.0457 0312 iirsp - ok
12:31:57.0481 0312 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:31:57.0492 0312 intelide - ok
12:31:57.0518 0312 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:57.0549 0312 intelppm - ok
12:31:57.0576 0312 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:57.0620 0312 IpFilterDriver - ok
12:31:57.0658 0312 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:31:57.0684 0312 IPMIDRV - ok
12:31:57.0715 0312 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:31:57.0767 0312 IPNAT - ok
12:31:57.0811 0312 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:31:57.0836 0312 IRENUM - ok
12:31:57.0853 0312 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:31:57.0865 0312 isapnp - ok
12:31:57.0883 0312 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:31:57.0899 0312 iScsiPrt - ok
12:31:57.0927 0312 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:57.0939 0312 kbdclass - ok
12:31:58.0006 0312 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:58.0029 0312 kbdhid - ok
12:31:58.0092 0312 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:31:58.0105 0312 KSecDD - ok
12:31:58.0151 0312 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:58.0166 0312 KSecPkg - ok
12:31:58.0234 0312 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:58.0289 0312 lltdio - ok
12:31:58.0341 0312 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:31:58.0354 0312 LSI_FC - ok
12:31:58.0369 0312 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:31:58.0381 0312 LSI_SAS - ok
12:31:58.0411 0312 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:31:58.0424 0312 LSI_SAS2 - ok
12:31:58.0452 0312 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:31:58.0465 0312 LSI_SCSI - ok
12:31:58.0510 0312 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:31:58.0553 0312 luafv - ok
12:31:58.0590 0312 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:31:58.0602 0312 megasas - ok
12:31:58.0637 0312 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:31:58.0653 0312 MegaSR - ok
12:31:58.0681 0312 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:31:58.0744 0312 Modem - ok
12:31:58.0780 0312 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:31:58.0807 0312 monitor - ok
12:31:58.0872 0312 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:58.0883 0312 mouclass - ok
12:31:58.0908 0312 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:31:58.0932 0312 mouhid - ok
12:31:58.0981 0312 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:31:58.0993 0312 mountmgr - ok
12:31:59.0044 0312 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:31:59.0058 0312 mpio - ok
12:31:59.0073 0312 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:31:59.0123 0312 mpsdrv - ok
12:31:59.0197 0312 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:31:59.0228 0312 MRxDAV - ok
12:31:59.0290 0312 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:59.0319 0312 mrxsmb - ok
12:31:59.0374 0312 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:59.0390 0312 mrxsmb10 - ok
12:31:59.0405 0312 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:59.0431 0312 mrxsmb20 - ok
12:31:59.0483 0312 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:31:59.0495 0312 msahci - ok
12:31:59.0517 0312 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:31:59.0531 0312 msdsm - ok
12:31:59.0563 0312 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:31:59.0593 0312 Msfs - ok
12:31:59.0617 0312 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:31:59.0656 0312 mshidkmdf - ok
12:31:59.0710 0312 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:31:59.0721 0312 msisadrv - ok
12:31:59.0762 0312 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:31:59.0792 0312 MSKSSRV - ok
12:31:59.0811 0312 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:59.0848 0312 MSPCLOCK - ok
12:31:59.0870 0312 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:31:59.0921 0312 MSPQM - ok
12:31:59.0980 0312 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:31:59.0994 0312 MsRPC - ok
12:32:00.0057 0312 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:32:00.0068 0312 mssmbios - ok
12:32:00.0111 0312 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:32:00.0151 0312 MSTEE - ok
12:32:00.0178 0312 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:32:00.0199 0312 MTConfig - ok
12:32:00.0230 0312 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:32:00.0243 0312 Mup - ok
12:32:00.0284 0312 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:32:00.0306 0312 NativeWifiP - ok
12:32:00.0423 0312 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:32:00.0449 0312 NDIS - ok
12:32:00.0462 0312 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:32:00.0509 0312 NdisCap - ok
12:32:00.0532 0312 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:32:00.0574 0312 NdisTapi - ok
12:32:00.0637 0312 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:32:00.0665 0312 Ndisuio - ok
12:32:00.0720 0312 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:32:00.0765 0312 NdisWan - ok
12:32:00.0813 0312 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:32:00.0841 0312 NDProxy - ok
12:32:00.0887 0312 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:32:00.0944 0312 NetBIOS - ok
12:32:00.0997 0312 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:32:01.0039 0312 NetBT - ok
12:32:01.0094 0312 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
12:32:01.0135 0312 netr73 - ok
12:32:01.0167 0312 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:32:01.0179 0312 nfrd960 - ok
12:32:01.0210 0312 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:32:01.0249 0312 Npfs - ok
12:32:01.0289 0312 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:32:01.0329 0312 nsiproxy - ok
12:32:01.0479 0312 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:32:01.0544 0312 Ntfs - ok
12:32:01.0563 0312 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:32:01.0593 0312 Null - ok
12:32:01.0662 0312 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
12:32:01.0672 0312 NVHDA - ok
12:32:02.0295 0312 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:32:02.0489 0312 nvlddmkm - ok
12:32:02.0541 0312 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:32:02.0555 0312 nvraid - ok
12:32:02.0575 0312 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:32:02.0589 0312 nvstor - ok
12:32:02.0613 0312 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:32:02.0627 0312 nv_agp - ok
12:32:02.0661 0312 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:32:02.0688 0312 ohci1394 - ok
12:32:02.0764 0312 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:32:02.0780 0312 Parport - ok
12:32:02.0840 0312 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
12:32:02.0852 0312 partmgr - ok
12:32:02.0886 0312 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:32:02.0914 0312 Parvdm - ok
12:32:02.0983 0312 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:32:02.0998 0312 pci - ok
12:32:03.0047 0312 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:32:03.0058 0312 pciide - ok
12:32:03.0083 0312 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:32:03.0098 0312 pcmcia - ok
12:32:03.0115 0312 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:32:03.0126 0312 pcw - ok
12:32:03.0154 0312 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:32:03.0210 0312 PEAUTH - ok
12:32:03.0307 0312 pgfilter - ok
12:32:03.0362 0312 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:32:03.0405 0312 PptpMiniport - ok
12:32:03.0428 0312 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:32:03.0469 0312 Processor - ok
12:32:03.0542 0312 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:32:03.0591 0312 Psched - ok
12:32:03.0653 0312 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:32:03.0695 0312 ql2300 - ok
12:32:03.0730 0312 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:32:03.0744 0312 ql40xx - ok
12:32:03.0760 0312 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:32:03.0777 0312 QWAVEdrv - ok
12:32:03.0796 0312 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:32:03.0834 0312 RasAcd - ok
12:32:03.0851 0312 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:32:03.0878 0312 RasAgileVpn - ok
12:32:03.0897 0312 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:32:03.0941 0312 Rasl2tp - ok
12:32:03.0968 0312 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:32:04.0008 0312 RasPppoe - ok
12:32:04.0043 0312 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:32:04.0083 0312 RasSstp - ok
12:32:04.0153 0312 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:32:04.0187 0312 rdbss - ok
12:32:04.0204 0312 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:32:04.0221 0312 rdpbus - ok
12:32:04.0271 0312 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:32:04.0314 0312 RDPCDD - ok
12:32:04.0363 0312 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:32:04.0398 0312 RDPDR - ok
12:32:04.0446 0312 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:32:04.0482 0312 RDPENCDD - ok
12:32:04.0517 0312 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:32:04.0560 0312 RDPREFMP - ok
12:32:04.0621 0312 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
12:32:04.0655 0312 RDPWD - ok
12:32:04.0716 0312 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:32:04.0733 0312 rdyboost - ok
12:32:04.0789 0312 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:32:04.0834 0312 rspndr - ok
12:32:04.0922 0312 rt61x86 (6de7a483204ca5a57b672dcb25716361) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
12:32:04.0946 0312 rt61x86 - ok
12:32:05.0015 0312 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
12:32:05.0046 0312 RTL8167 - ok
12:32:05.0103 0312 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:32:05.0118 0312 s3cap - ok
12:32:05.0150 0312 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:32:05.0164 0312 sbp2port - ok
12:32:05.0217 0312 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:32:05.0246 0312 scfilter - ok
12:32:05.0287 0312 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:32:05.0326 0312 secdrv - ok
12:32:05.0349 0312 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:32:05.0365 0312 Serenum - ok
12:32:05.0388 0312 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:32:05.0425 0312 Serial - ok
12:32:05.0508 0312 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:32:05.0529 0312 sermouse - ok
12:32:05.0596 0312 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:32:05.0636 0312 sffdisk - ok
12:32:05.0679 0312 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:32:05.0719 0312 sffp_mmc - ok
12:32:05.0750 0312 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:32:05.0776 0312 sffp_sd - ok
12:32:05.0804 0312 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:32:05.0835 0312 sfloppy - ok
12:32:05.0877 0312 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:32:05.0890 0312 sisagp - ok
12:32:05.0920 0312 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:32:05.0933 0312 SiSRaid2 - ok
12:32:05.0947 0312 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:32:05.0962 0312 SiSRaid4 - ok
12:32:05.0990 0312 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:32:06.0024 0312 Smb - ok
12:32:06.0068 0312 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:32:06.0082 0312 spldr - ok
12:32:06.0159 0312 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:32:06.0189 0312 srv - ok
12:32:06.0243 0312 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:32:06.0273 0312 srv2 - ok
12:32:06.0317 0312 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:32:06.0343 0312 srvnet - ok
12:32:06.0407 0312 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:32:06.0419 0312 stexstor - ok
12:32:06.0481 0312 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:32:06.0493 0312 storflt - ok
12:32:06.0510 0312 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:32:06.0522 0312 storvsc - ok
12:32:06.0573 0312 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:32:06.0584 0312 swenum - ok
12:32:06.0675 0312 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
12:32:06.0726 0312 Tcpip - ok
12:32:06.0775 0312 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
12:32:06.0809 0312 TCPIP6 - ok
12:32:06.0840 0312 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:32:06.0883 0312 tcpipreg - ok
12:32:06.0933 0312 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:32:06.0970 0312 TDPIPE - ok
12:32:06.0991 0312 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
12:32:07.0028 0312 TDTCP - ok
12:32:07.0072 0312 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:32:07.0114 0312 tdx - ok
12:32:07.0168 0312 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:32:07.0180 0312 TermDD - ok
12:32:07.0235 0312 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:32:07.0283 0312 tssecsrv - ok
12:32:07.0351 0312 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:32:07.0365 0312 TsUsbFlt - ok
12:32:07.0423 0312 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:32:07.0467 0312 tunnel - ok
12:32:07.0496 0312 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:32:07.0509 0312 uagp35 - ok
12:32:07.0568 0312 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:32:07.0612 0312 udfs - ok
12:32:07.0692 0312 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:32:07.0705 0312 uliagpkx - ok
12:32:07.0779 0312 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
12:32:07.0795 0312 umbus - ok
12:32:07.0834 0312 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:32:07.0870 0312 UmPass - ok
12:32:07.0944 0312 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
12:32:07.0949 0312 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
12:32:07.0949 0312 USBAAPL - detected UnsignedFile.Multi.Generic (1)
12:32:08.0005 0312 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
12:32:08.0034 0312 usbccgp - ok
12:32:08.0057 0312 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:32:08.0076 0312 usbcir - ok
12:32:08.0097 0312 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:32:08.0123 0312 usbehci - ok
12:32:08.0156 0312 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:32:08.0186 0312 usbhub - ok
12:32:08.0205 0312 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:32:08.0229 0312 usbohci - ok
12:32:08.0266 0312 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:32:08.0292 0312 usbprint - ok
12:32:08.0316 0312 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:32:08.0342 0312 usbscan - ok
12:32:08.0361 0312 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:32:08.0385 0312 USBSTOR - ok
12:32:08.0399 0312 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:32:08.0423 0312 usbuhci - ok
12:32:08.0482 0312 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:32:08.0494 0312 vdrvroot - ok
12:32:08.0524 0312 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:32:08.0547 0312 vga - ok
12:32:08.0567 0312 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:32:08.0597 0312 VgaSave - ok
12:32:08.0644 0312 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:32:08.0659 0312 vhdmp - ok
12:32:08.0702 0312 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:32:08.0715 0312 viaagp - ok
12:32:08.0737 0312 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:32:08.0761 0312 ViaC7 - ok
12:32:08.0806 0312 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:32:08.0819 0312 viaide - ok
12:32:08.0836 0312 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:32:08.0850 0312 vmbus - ok
12:32:08.0868 0312 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:32:08.0900 0312 VMBusHID - ok
12:32:08.0954 0312 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:32:08.0966 0312 volmgr - ok
12:32:08.0999 0312 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:32:09.0017 0312 volmgrx - ok
12:32:09.0037 0312 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:32:09.0053 0312 volsnap - ok
12:32:09.0075 0312 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:32:09.0089 0312 vsmraid - ok
12:32:09.0105 0312 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:32:09.0129 0312 vwifibus - ok
12:32:09.0157 0312 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:32:09.0175 0312 vwififlt - ok
12:32:09.0219 0312 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
12:32:09.0236 0312 vwifimp - ok
12:32:09.0279 0312 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:32:09.0300 0312 WacomPen - ok
12:32:09.0366 0312 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:32:09.0408 0312 WANARP - ok
12:32:09.0412 0312 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:32:09.0440 0312 Wanarpv6 - ok
12:32:09.0506 0312 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:32:09.0518 0312 Wd - ok
12:32:09.0542 0312 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:32:09.0563 0312 Wdf01000 - ok
12:32:09.0620 0312 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:32:09.0650 0312 WfpLwf - ok
12:32:09.0674 0312 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:32:09.0687 0312 WIMMount - ok
12:32:09.0800 0312 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:32:09.0830 0312 WinUsb - ok
12:32:09.0859 0312 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:32:09.0886 0312 WmiAcpi - ok
12:32:09.0928 0312 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:32:09.0970 0312 ws2ifsl - ok
12:32:10.0041 0312 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:32:10.0083 0312 WudfPf - ok
12:32:10.0115 0312 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:32:10.0162 0312 WUDFRd - ok
12:32:10.0293 0312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:32:10.0445 0312 \Device\Harddisk0\DR0 - ok
12:32:10.0450 0312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
12:32:10.0503 0312 \Device\Harddisk1\DR1 - ok
12:32:10.0507 0312 Boot (0x1200) (e3e24b2cf52e76f01547abb4ca570f54) \Device\Harddisk0\DR0\Partition0
12:32:10.0508 0312 \Device\Harddisk0\DR0\Partition0 - ok
12:32:10.0536 0312 Boot (0x1200) (48cbe38732dddc04619360d83d020864) \Device\Harddisk0\DR0\Partition1
12:32:10.0537 0312 \Device\Harddisk0\DR0\Partition1 - ok
12:32:10.0541 0312 Boot (0x1200) (e73d811206c24510c9d6162cb9013b46) \Device\Harddisk1\DR1\Partition0
12:32:10.0542 0312 \Device\Harddisk1\DR1\Partition0 - ok
12:32:10.0547 0312 Boot (0x1200) (a0ac0b0da385e2c42781b3f74410ad64) \Device\Harddisk1\DR1\Partition1
12:32:10.0548 0312 \Device\Harddisk1\DR1\Partition1 - ok
12:32:10.0550 0312 ============================================================
12:32:10.0551 0312 Scan finished
12:32:10.0551 0312 ============================================================
12:32:10.0563 5428 Detected object count: 1
12:32:10.0563 5428 Actual detected object count: 1
12:32:29.0533 5428 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:29.0533 5428 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:10.0519 4924 Deinitialize success

#6 RKinner (Malware Expert, 20,011 posts, MVP)
I don't see anything else that looks bad in your logs. How is it running now? Are the redirects gone?

Ron

#7 FelixMutch (Topic Starter, New Member, 5 posts)
It seems to be running much better. I don't go to Google UK anymore, but I haven't done much surfing or computing today. I just did a quick search and hit a couple of websites, but no problems so far.

Thank you for all your help. I really appreciate it.

#8 RKinner (Malware Expert, 20,011 posts, MVP)
OK, I think we can clean up now.


We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
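The clean-up post above walks through the Folder Options dialog by hand and relies on the user confirming that the redirects are gone. The script below is an added example, not code from the thread or from the helper: it sets the same two Explorer view options through the registry and then reports the settings that a redirect/proxy infection like the one in the first post typically tampers with, so the user can verify they are clean. It targets Windows 7 (PowerShell 2.0 or later) and should be run from an elevated PowerShell prompt. The Explorer and WinINET registry locations are the standard ones; the Firefox profile directory layout (Profiles\*\prefs.js under %APPDATA%) is an assumption about the default install.

```powershell
# Added example (not part of the original post). Windows 7, PowerShell 2.0+.
# Run as Administrator. Avoids PS3+-only features so it works on a stock Win7 box.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hosts    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Re-hide hidden files and protected OS files (the Folder Options steps above).
#    Hidden: 1 = show hidden files, 2 = do not show.
#    ShowSuperHidden: 1 = show protected OS files, 0 = hide them.
#    Open a new Explorer window (or log off and on) to see the change.
Set-ItemProperty -Path $advanced -Name Hidden          -Value 2 -Type DWord
Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord

# 2. System (IE/WinINET) proxy settings. On a clean home PC expect
#    ProxyEnable = 0 and no ProxyServer or AutoConfigURL. A leftover value
#    here is what makes browsers fail to load pages "because of proxy settings".
$p = Get-ItemProperty -Path $inet
"ProxyEnable   : $($p.ProxyEnable)"
"ProxyServer   : $($p.ProxyServer)"
"AutoConfigURL : $($p.AutoConfigURL)"

# 3. Live (non-comment) hosts-file entries. A stock Windows 7 hosts file has
#    none; an entry for google.com or another search engine would explain the
#    redirects described in the first post.
$live = Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }
if ($live) { $live | ForEach-Object { "hosts: $_" } } else { 'hosts: no active entries' }

# 4. Firefox proxy mode from each profile's prefs.js (assumed default layout).
#    network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect,
#    5 = use system proxy (the default when the pref is absent). A manual
#    proxy or PAC URL the user did not configure is a sign of tampering.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            $hits = Select-String -Path $prefs -Pattern 'network\.proxy\.(type|http|ssl|autoconfig_url)'
            if ($hits) { $hits | ForEach-Object { "$($_.Filename): $($_.Line)" } }
            else       { "$($_.Name): no network.proxy.* prefs (Firefox uses system proxy)" }
        }
    }
}
```

Steps 2 to 4 only report; nothing is deleted, so the output can be pasted into the thread for the helper to look at before anything is changed. If ProxyEnable is 1 with a ProxyServer the user never set, clearing it in Internet Options (Connections, LAN settings) is the same fix the OTL run performed for the hijacked value.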

#9 FelixMutch (Topic Starter, New Member, 5 posts)
My computer is running much better now. I am surfing the web just fine. Thank you for all of your help. I really appreciate it.