Malware - "System Message - Write Fault Error" [Solved]



#16 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, aswMBR found some nasties, so let's sweep them away now. We will use ComboFix, so I have reposted the instructions for it.

Again, run RogueKiller.
Select the following options as before:

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

#17 Rick1974 (Topic Starter, Member, 23 posts)
I ran RogueKiller and ComboFix. Results are below.

The PC is looking a lot better. I have no error messages or hard drive failure messages.
I have 3 users on the PC. 2 of them seem to be back to normal. The desktop is as expected, etc.

The third (the one in which the infection originally appeared) is still all blue and the shortcuts are missing.
Anything we can do for that user?

Thanks!

RogueKiller V7.6.0 [06/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Rick [Admin rights]
Mode: Scan -- Date: 06/26/2012 17:38:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 18 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : omdmc (rundll32.exe "C:\Documents and Settings\Rick\Application Data\omdmc.dll",AddColumn) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : cshesv ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Rick\Application Data\cshesv.dll",FileHandleToInstanceNameW) -> FOUND
[SUSP PATH] HKLM\[...]\Run : LFJGJxpDcfY.exe (C:\Documents and Settings\All Users\Application Data\LFJGJxpDcfY.exe) -> FOUND
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF74A0852)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800LB-60DNA1 +++++
--- User ---
[MBR] 275f36113d1a1a8ce398d05920d4abe8
[BSP] 44ee1a806098d583ff9794b28b9198e1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST340016A +++++
--- User ---
[MBR] 9f6afccdfb8a9ce5a71ca6501f8dfb4b
[BSP] 99a62f08ad8d4d0b7f06de40db7ff734 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt



RogueKiller V7.6.0 [06/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Rick [Admin rights]
Mode: Remove -- Date: 06/26/2012 17:40:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 18 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : omdmc (rundll32.exe "C:\Documents and Settings\Rick\Application Data\omdmc.dll",AddColumn) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : cshesv ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Rick\Application Data\cshesv.dll",FileHandleToInstanceNameW) -> DELETED
[SUSP PATH] HKLM\[...]\Run : LFJGJxpDcfY.exe (C:\Documents and Settings\All Users\Application Data\LFJGJxpDcfY.exe) -> DELETED
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF74A0852)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800LB-60DNA1 +++++
--- User ---
[MBR] 275f36113d1a1a8ce398d05920d4abe8
[BSP] 44ee1a806098d583ff9794b28b9198e1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST340016A +++++
--- User ---
[MBR] 9f6afccdfb8a9ce5a71ca6501f8dfb4b
[BSP] 99a62f08ad8d4d0b7f06de40db7ff734 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt



RogueKiller V7.6.0 [06/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Rick [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/26/2012 17:48:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 19 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 5 / Fail 0
Backup: [FOUND] Success 0 / Fail 201

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt



ComboFix 12-06-26.02 - Rick 06/26/2012 17:55:17.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.949 [GMT -6:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\LFJGJxpDcfY.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
c:\documents and settings\Michelle\My Documents\~WRL0546.tmp
c:\documents and settings\Michelle\My Documents\~WRL2774.tmp
c:\documents and settings\Michelle\WINDOWS
c:\documents and settings\Rick\Application Data\cshesv.dll
c:\documents and settings\Rick\Application Data\omdmc.dll
c:\documents and settings\Rick\g2mdlhlpx.exe
c:\documents and settings\Rick\Local Settings\Application Data\aewrp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 23:37 . 2012-06-26 23:37 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D8D5F63-D30D-4F0B-9BAC-9F57EF67BDF2}\MpKsl29b27fce.sys
2012-06-26 00:43 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D8D5F63-D30D-4F0B-9BAC-9F57EF67BDF2}\mpengine.dll
2012-06-26 00:32 . 2012-06-26 00:32 5 ----a-w- C:\test.bat
2012-06-24 20:19 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 22:56 . 2012-06-23 22:56 -------- d-----w- C:\_OTL
2012-06-23 19:45 . 2012-06-23 19:45 -------- d-----w- c:\documents and settings\Rick\Application Data\MSN6
2012-06-13 00:33 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-11 22:10 . 2012-06-11 22:10 -------- d-----w- c:\documents and settings\Matthew and Caleb\Application Data\Intuit Canada
2012-06-06 18:14 . 2012-06-06 18:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-06-04 02:16 . 2012-06-04 02:17 -------- d-----w- c:\program files\iTunes
2012-06-04 02:12 . 2012-06-04 02:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-04 02:11 . 2012-06-04 02:11 -------- d-----w- c:\program files\Bonjour
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-04 02:02 . 2012-06-04 02:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-06-04 02:02 . 2012-06-04 02:02 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 21:19 . 2007-06-01 03:00 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2007-06-01 03:00 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2007-05-17 19:52 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2007-05-17 19:52 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2005-05-26 10:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2007-06-01 03:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2007-05-17 19:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2007-05-17 19:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2002-08-29 10:41 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2002-08-29 10:40 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2007-06-01 03:00 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2007-05-17 19:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2002-08-29 10:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 21:18 . 2007-06-01 03:25 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 21:18 . 2007-05-27 04:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18 . 2007-04-17 04:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-08-29 10:40 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-06-23 17:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-08-29 09:14 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2002-08-29 10:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2002-08-29 10:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2002-08-29 09:03 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2003-03-31 09:00 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2002-08-29 10:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Michelle\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 20:34 1891416 ----a-w- c:\garmin\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 11:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 20:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 21:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 21:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 23:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 23:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 17:34 5724184 ----a-w- c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2009-11-16 19:58 839168 ----a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 02:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2012-05-15 16:06 325448 ----a-w- c:\documents and settings\Michelle\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 21:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 18:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c95c931cacec94"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"LeapFrog Connect Device Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"HaltMonitor"=2 (0x2)
"Halt"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"gupdatem"=3 (0x3)
"CCALib8"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 MpKsl29b27fce;MpKsl29b27fce;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D8D5F63-D30D-4F0B-9BAC-9F57EF67BDF2}\MpKsl29b27fce.sys [6/26/2012 5:37 PM 29904]
S2 gupdate1c95c931cacec94;Google Update Service (gupdate1c95c931cacec94);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 1:52 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 1:52 PM 133104]
S4 Halt;Halt;c:\program files\Soccerwinners\Halt\Halt.exe [10/1/2007 3:39 PM 45056]
S4 HaltMonitor;HaltMonitor;c:\program files\Soccerwinners\Halt\HaltMonitor.exe [10/1/2007 3:39 PM 20480]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - DMADMIN
*NewlyCreated* - MPKSL29B27FCE
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 08:22]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 08:22]
.
2012-06-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{8194FAB8-47E9-45C7-824B-B5F660D581C0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theglobeandmail.com/
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 65.87.230.4
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Michelle/Application%20Data/Smilebox/OzDesktopImporter.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://access.rcsd.ca/CACHE/sdesktop/install/binaries/instweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Monitor - c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 19:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-26 19:58:21
ComboFix-quarantined-files.txt 2012-06-27 01:58
.
Pre-Run: 9,216,065,536 bytes free
Post-Run: 11,622,690,816 bytes free
.
- - End Of File - - 9D9F522FD26FCA326E4518236D331A72
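A small parser for the RKreport layout seen in the logs above, added here as an example (it is not RogueKiller's own code and not from this thread). It reads a constructed excerpt in the same format as the posted Remove-mode report and pulls out the action taken per registry entry, the Run-key autoruns, and the Explorer settings whose state matches the blank desktop and missing Start menu items described in the thread.

```python
"""Parse RogueKiller 7.x RKreport text into structured findings.

Added example for this thread; not RogueKiller's own code. SAMPLE_REPORT is a
constructed excerpt laid out like the Remove-mode report posted above.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One registry finding per line:
#   [CATEGORY] HIVE\[...]\Key : ValueName (current data) -> ACTION [(new data)]
# ACTION is FOUND in Scan mode and DELETED or REPLACED in Remove mode.
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+"
    r"(?P<key>\S+)\s+:\s+"
    r"(?P<name>.+?)\s+\((?P<data>.*)\)\s+->\s+"
    r"(?P<action>FOUND|DELETED|REPLACED)"
    r"(?:\s+\((?P<new_data>.*)\))?\s*$"
)
MODE_RE = re.compile(r"^Mode:\s+(?P<mode>.+?)\s+--\s+Date:\s+(?P<date>.+)$")
INFECTION_RE = re.compile(r"^¤¤¤\s*Infection\s*:\s*(?P<name>[^\s¤]*)")


@dataclass(frozen=True)
class Entry:
    category: str
    key: str
    name: str
    data: str
    action: str
    new_data: Optional[str]


@dataclass
class Report:
    mode: str = ""
    date: str = ""
    infection: str = ""
    entries: List[Entry] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Build a Report from raw RKreport text; lines that match nothing are ignored."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            report.mode, report.date = m["mode"], m["date"]
            continue
        m = INFECTION_RE.match(line)
        if m:
            report.infection = m["name"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            report.entries.append(Entry(m["category"], m["key"], m["name"],
                                        m["data"], m["action"], m["new_data"]))
    return report


def action_summary(report: Report) -> Dict[str, int]:
    """Count findings per category/action pair, e.g. {'HJ/REPLACED': 2}."""
    return dict(Counter(f"{e.category}/{e.action}" for e in report.entries))


def run_key_autoruns(report: Report) -> List[str]:
    """Value names under a ...\\Run key: the persistence entries the thread removed."""
    return [e.name for e in report.entries if e.key.endswith("\\Run")]


def explorer_lockdown(report: Report) -> List[str]:
    """Explorer values in the state the posted reports show: NoDesktop policy on,
    wallpaper blanked, Start_Show* toggles off. That combination matches the
    blank desktop and missing Start menu items described in the thread."""
    hits = []
    for e in report.entries:
        if (e.name == "NoDesktop" and e.data == "1") or \
           (e.name == "Wallpaper" and e.data == "") or \
           (e.name.startswith("Start_Show") and e.data == "0"):
            hits.append(e.name)
    return hits


# Constructed excerpt in the posted report's layout (not a full RKreport).
SAMPLE_REPORT = r"""RogueKiller V7.6.0 [06/26/2012] by Tigzy
Mode: Remove -- Date: 06/26/2012 17:40:10

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : omdmc (rundll32.exe "C:\Documents and Settings\Rick\Application Data\omdmc.dll",AddColumn) -> DELETED
[SUSP PATH] HKLM\[...]\Run : LFJGJxpDcfY.exe (C:\Documents and Settings\All Users\Application Data\LFJGJxpDcfY.exe) -> DELETED
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
"""

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(f"{rep.mode} run on {rep.date}; infection tag: {rep.infection or '(none)'}")
    for label, count in action_summary(rep).items():
        print(f"  {label}: {count}")
    print("Run-key autoruns:", run_key_autoruns(rep))
    print("Explorer lockdown values:", explorer_lockdown(rep))
```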

#18 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
We will look at the third user in a bit, but I have one final tool to run, as I am not overly happy about the hook in atapi.

You had an unusual combination of infections here, which is why it has been such a pain to get this far... But I feel we are on the final stretch :)

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.


THEN

For the third user, could you log into that account and run the RogueKiller shortcut fix, followed by an OTL quick scan with all users selected?
We will then concentrate the work in that account.

#19 Rick1974 (Topic Starter, Member, 23 posts)
Here's the results...
The problem user account is called Michelle.

20:27:20.0828 2864 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
20:27:21.0312 2864 ============================================================
20:27:21.0312 2864 Current date / time: 2012/06/27 20:27:21.0312
20:27:21.0312 2864 SystemInfo:
20:27:21.0312 2864
20:27:21.0312 2864 OS Version: 5.1.2600 ServicePack: 3.0
20:27:21.0312 2864 Product type: Workstation
20:27:21.0312 2864 ComputerName: HOMEPC3
20:27:21.0312 2864 UserName: Rick
20:27:21.0312 2864 Windows directory: C:\WINDOWS
20:27:21.0312 2864 System windows directory: C:\WINDOWS
20:27:21.0312 2864 Processor architecture: Intel x86
20:27:21.0312 2864 Number of processors: 1
20:27:21.0312 2864 Page size: 0x1000
20:27:21.0312 2864 Boot type: Normal boot
20:27:21.0312 2864 ============================================================
20:27:23.0359 2864 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:27:23.0390 2864 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:27:23.0421 2864 ============================================================
20:27:23.0421 2864 \Device\Harddisk0\DR0:
20:27:23.0421 2864 MBR partitions:
20:27:23.0421 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:27:23.0421 2864 \Device\Harddisk1\DR1:
20:27:23.0421 2864 MBR partitions:
20:27:23.0421 2864 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A89182
20:27:23.0421 2864 ============================================================
20:27:23.0453 2864 C: <-> \Device\Harddisk0\DR0\Partition0
20:27:23.0453 2864 E: <-> \Device\Harddisk1\DR1\Partition0
20:27:23.0453 2864 ============================================================
20:27:23.0453 2864 Initialize success
20:27:23.0453 2864 ============================================================
20:28:16.0015 3848 ============================================================
20:28:16.0015 3848 Scan started
20:28:16.0015 3848 Mode: Manual; SigCheck; TDLFS;
20:28:16.0015 3848 ============================================================
20:28:16.0515 3848 Abiosdsk - ok
20:28:16.0531 3848 abp480n5 - ok
20:28:16.0546 3848 ac97intc - ok
20:28:16.0640 3848 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:28:16.0656 3848 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
20:28:16.0656 3848 ACPI ( Virus.Win32.Rloader.a ) - infected
20:28:16.0656 3848 ACPI - detected Virus.Win32.Rloader.a (0)
20:28:16.0718 3848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:28:18.0500 3848 ACPIEC - ok
20:28:18.0531 3848 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
20:28:18.0828 3848 adpu160m - ok
20:28:18.0859 3848 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\System32\DRIVERS\adpu320.sys
20:28:18.0890 3848 adpu320 ( UnsignedFile.Multi.Generic ) - warning
20:28:18.0890 3848 adpu320 - detected UnsignedFile.Multi.Generic (1)
20:28:18.0953 3848 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:28:19.0015 3848 aeaudio - ok
20:28:19.0062 3848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:28:19.0265 3848 aec - ok
20:28:19.0312 3848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:28:19.0421 3848 AFD - ok
20:28:19.0437 3848 Aha154x - ok
20:28:19.0484 3848 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
20:28:19.0703 3848 aic78u2 - ok
20:28:19.0734 3848 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
20:28:19.0968 3848 aic78xx - ok
20:28:20.0015 3848 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:28:20.0203 3848 Alerter - ok
20:28:20.0218 3848 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:28:20.0421 3848 ALG - ok
20:28:20.0421 3848 AliIde - ok
20:28:20.0437 3848 amsint - ok
20:28:20.0578 3848 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:28:20.0609 3848 Apple Mobile Device - ok
20:28:20.0671 3848 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:28:20.0890 3848 AppMgmt - ok
20:28:20.0906 3848 asc - ok
20:28:20.0921 3848 asc3350p - ok
20:28:20.0937 3848 asc3550 - ok
20:28:21.0078 3848 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:28:21.0156 3848 aspnet_state - ok
20:28:21.0187 3848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:28:21.0390 3848 AsyncMac - ok
20:28:21.0421 3848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:28:21.0640 3848 atapi - ok
20:28:21.0656 3848 Atdisk - ok
20:28:21.0718 3848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:28:21.0921 3848 Atmarpc - ok
20:28:21.0984 3848 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:28:22.0187 3848 AudioSrv - ok
20:28:22.0250 3848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:28:22.0437 3848 audstub - ok
20:28:22.0468 3848 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:28:22.0531 3848 bcm4sbxp - ok
20:28:22.0562 3848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:28:22.0796 3848 Beep - ok
20:28:22.0859 3848 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:28:23.0140 3848 BITS - ok
20:28:23.0234 3848 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:28:23.0265 3848 Bonjour Service - ok
20:28:23.0312 3848 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:28:23.0515 3848 Browser - ok
20:28:23.0671 3848 catchme - ok
20:28:23.0703 3848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:28:23.0921 3848 cbidf2k - ok
20:28:24.0000 3848 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
20:28:24.0046 3848 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
20:28:24.0046 3848 CCALib8 - detected UnsignedFile.Multi.Generic (1)
20:28:24.0093 3848 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:28:24.0265 3848 CCDECODE - ok
20:28:24.0281 3848 cd20xrnt - ok
20:28:24.0343 3848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:28:24.0562 3848 Cdaudio - ok
20:28:24.0593 3848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:28:24.0796 3848 Cdfs - ok
20:28:24.0843 3848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:28:25.0046 3848 Cdrom - ok
20:28:25.0046 3848 Changer - ok
20:28:25.0093 3848 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:28:25.0265 3848 CiSvc - ok
20:28:25.0296 3848 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:28:25.0484 3848 ClipSrv - ok
20:28:25.0640 3848 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:25.0765 3848 clr_optimization_v2.0.50727_32 - ok
20:28:25.0781 3848 CmdIde - ok
20:28:25.0796 3848 COMSysApp - ok
20:28:25.0843 3848 Cpqarray - ok
20:28:25.0890 3848 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:28:26.0078 3848 CryptSvc - ok
20:28:26.0093 3848 dac2w2k - ok
20:28:26.0109 3848 dac960nt - ok
20:28:26.0171 3848 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:28:26.0296 3848 DcomLaunch - ok
20:28:26.0343 3848 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:28:26.0531 3848 Dhcp - ok
20:28:26.0562 3848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:28:26.0734 3848 Disk - ok
20:28:26.0750 3848 dmadmin - ok
20:28:26.0859 3848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:28:27.0078 3848 dmboot - ok
20:28:27.0125 3848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:28:27.0312 3848 dmio - ok
20:28:27.0328 3848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:28:27.0531 3848 dmload - ok
20:28:27.0578 3848 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:28:27.0750 3848 dmserver - ok
20:28:27.0796 3848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:28:28.0000 3848 DMusic - ok
20:28:28.0046 3848 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:28:28.0156 3848 Dnscache - ok
20:28:28.0203 3848 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:28:28.0390 3848 Dot3svc - ok
20:28:28.0437 3848 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
20:28:28.0640 3848 dpti2o - ok
20:28:28.0687 3848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:28:28.0843 3848 drmkaud - ok
20:28:28.0890 3848 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:28:29.0093 3848 E100B - ok
20:28:29.0156 3848 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:28:29.0328 3848 EapHost - ok
20:28:29.0359 3848 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:28:29.0546 3848 ERSvc - ok
20:28:29.0593 3848 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:28:29.0625 3848 Eventlog - ok
20:28:29.0671 3848 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
20:28:29.0734 3848 EventSystem - ok
20:28:29.0796 3848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:28:30.0015 3848 Fastfat - ok
20:28:30.0062 3848 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:28:30.0171 3848 FastUserSwitchingCompatibility - ok
20:28:30.0218 3848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:28:30.0390 3848 Fdc - ok
20:28:30.0421 3848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:28:30.0593 3848 Fips - ok
20:28:30.0625 3848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:28:30.0828 3848 Flpydisk - ok
20:28:30.0875 3848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:28:31.0062 3848 FltMgr - ok
20:28:31.0203 3848 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:28:31.0218 3848 FontCache3.0.0.0 - ok
20:28:31.0281 3848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:28:31.0484 3848 Fs_Rec - ok
20:28:31.0531 3848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:28:31.0750 3848 Ftdisk - ok
20:28:31.0828 3848 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:28:31.0843 3848 GearAspiWDM - ok
20:28:31.0937 3848 getPlus® Helper (35a1f815962f3552066c6be4c969d297) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
20:28:32.0000 3848 getPlus® Helper - ok
20:28:32.0046 3848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:28:32.0218 3848 Gpc - ok
20:28:32.0281 3848 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
20:28:32.0343 3848 grmnusb - ok
20:28:32.0421 3848 gupdate1c95c931cacec94 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:28:32.0437 3848 gupdate1c95c931cacec94 - ok
20:28:32.0453 3848 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:28:32.0468 3848 gupdatem - ok
20:28:32.0515 3848 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:28:32.0546 3848 gusvc - ok
20:28:32.0609 3848 Halt (b636fb5126d7851789a681fb738a2a15) c:\program files\soccerwinners\halt\halt.exe
20:28:32.0640 3848 Halt ( UnsignedFile.Multi.Generic ) - warning
20:28:32.0640 3848 Halt - detected UnsignedFile.Multi.Generic (1)
20:28:32.0671 3848 HaltMonitor (8d287028886cfb7fb6770a9ff39b2c2e) c:\program files\soccerwinners\halt\haltmonitor.exe
20:28:32.0687 3848 HaltMonitor ( UnsignedFile.Multi.Generic ) - warning
20:28:32.0687 3848 HaltMonitor - detected UnsignedFile.Multi.Generic (1)
20:28:32.0796 3848 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:28:33.0000 3848 helpsvc - ok
20:28:33.0000 3848 HidServ - ok
20:28:33.0046 3848 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:28:33.0234 3848 HidUsb - ok
20:28:33.0281 3848 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:28:33.0468 3848 hkmsvc - ok
20:28:33.0468 3848 hpn - ok
20:28:33.0531 3848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:28:33.0578 3848 HTTP - ok
20:28:33.0625 3848 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:28:33.0812 3848 HTTPFilter - ok
20:28:33.0828 3848 i2omgmt - ok
20:28:33.0843 3848 i2omp - ok
20:28:33.0890 3848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:28:34.0078 3848 i8042prt - ok
20:28:34.0125 3848 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
20:28:34.0296 3848 i81x - ok
20:28:34.0343 3848 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
20:28:34.0500 3848 iAimFP0 - ok
20:28:34.0531 3848 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
20:28:34.0687 3848 iAimFP1 - ok
20:28:34.0718 3848 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
20:28:34.0875 3848 iAimFP2 - ok
20:28:34.0921 3848 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
20:28:35.0062 3848 iAimFP3 - ok
20:28:35.0093 3848 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
20:28:35.0250 3848 iAimFP4 - ok
20:28:35.0265 3848 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
20:28:35.0421 3848 iAimTV0 - ok
20:28:35.0453 3848 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
20:28:35.0609 3848 iAimTV1 - ok
20:28:35.0625 3848 iAimTV2 - ok
20:28:35.0703 3848 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
20:28:35.0859 3848 iAimTV3 - ok
20:28:35.0875 3848 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
20:28:36.0015 3848 iAimTV4 - ok
20:28:36.0078 3848 ialm (a79029861cb69cd3cf4eab9ebfee32dd) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:28:36.0296 3848 ialm - ok
20:28:36.0421 3848 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:28:36.0515 3848 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:28:36.0515 3848 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:28:36.0718 3848 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:28:36.0781 3848 idsvc - ok
20:28:36.0859 3848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\IMAPI.SYS
20:28:37.0062 3848 Imapi - ok
20:28:37.0109 3848 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:28:37.0281 3848 ImapiService - ok
20:28:37.0296 3848 ini910u - ok
20:28:37.0343 3848 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
20:28:37.0515 3848 IntelIde - ok
20:28:37.0562 3848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:28:37.0718 3848 intelppm - ok
20:28:37.0781 3848 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:28:37.0953 3848 ip6fw - ok
20:28:38.0000 3848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:28:38.0250 3848 IpFilterDriver - ok
20:28:38.0265 3848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:28:38.0437 3848 IpInIp - ok
20:28:38.0484 3848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:28:38.0671 3848 IpNat - ok
20:28:38.0796 3848 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
20:28:38.0890 3848 iPod Service - ok
20:28:38.0921 3848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:28:39.0125 3848 IPSec - ok
20:28:39.0171 3848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:28:39.0343 3848 IRENUM - ok
20:28:39.0406 3848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:28:39.0578 3848 isapnp - ok
20:28:39.0734 3848 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
20:28:39.0765 3848 JavaQuickStarterService - ok
20:28:39.0796 3848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:28:39.0984 3848 Kbdclass - ok
20:28:40.0031 3848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:28:40.0218 3848 kmixer - ok
20:28:40.0265 3848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:28:40.0359 3848 KSecDD - ok
20:28:40.0406 3848 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:28:40.0484 3848 lanmanserver - ok
20:28:40.0531 3848 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:28:40.0593 3848 lanmanworkstation - ok
20:28:40.0609 3848 lbrtfdc - ok
20:28:40.0687 3848 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:28:40.0875 3848 LmHosts - ok
20:28:40.0921 3848 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
20:28:41.0046 3848 LVUSBSta - ok
20:28:41.0171 3848 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:28:41.0218 3848 MDM - ok
20:28:41.0281 3848 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:28:41.0453 3848 Messenger - ok
20:28:41.0484 3848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:28:41.0687 3848 mnmdd - ok
20:28:41.0750 3848 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
20:28:41.0921 3848 mnmsrvc - ok
20:28:41.0968 3848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:28:42.0156 3848 Modem - ok
20:28:42.0187 3848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:28:42.0375 3848 Mouclass - ok
20:28:42.0421 3848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:28:42.0640 3848 mouhid - ok
20:28:42.0671 3848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:28:42.0859 3848 MountMgr - ok
20:28:42.0906 3848 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:28:42.0937 3848 MpFilter - ok
20:28:43.0125 3848 MpKsl17952e93 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36CC7A94-E15E-4165-BAFD-49F4FA4D2380}\MpKsl17952e93.sys
20:28:43.0140 3848 MpKsl17952e93 - ok
20:28:43.0140 3848 mraid35x - ok
20:28:43.0187 3848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:28:43.0375 3848 MRxDAV - ok
20:28:43.0437 3848 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:28:43.0562 3848 MRxSmb - ok
20:28:43.0609 3848 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
20:28:43.0781 3848 MSDTC - ok
20:28:43.0859 3848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:28:44.0046 3848 Msfs - ok
20:28:44.0062 3848 MSIServer - ok
20:28:44.0093 3848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:28:44.0312 3848 MSKSSRV - ok
20:28:44.0437 3848 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:28:44.0453 3848 MsMpSvc - ok
20:28:44.0484 3848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:28:44.0656 3848 MSPCLOCK - ok
20:28:44.0703 3848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:28:44.0890 3848 MSPQM - ok
20:28:44.0921 3848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:28:45.0093 3848 mssmbios - ok
20:28:45.0125 3848 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:28:45.0296 3848 MSTEE - ok
20:28:45.0343 3848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:28:45.0406 3848 Mup - ok
20:28:45.0453 3848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:28:45.0640 3848 NABTSFEC - ok
20:28:45.0718 3848 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:28:45.0906 3848 napagent - ok
20:28:45.0968 3848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:28:46.0156 3848 NDIS - ok
20:28:46.0218 3848 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:28:46.0437 3848 NdisIP - ok
20:28:46.0703 3848 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:28:46.0781 3848 NdisTapi - ok
20:28:46.0843 3848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:28:47.0015 3848 Ndisuio - ok
20:28:47.0062 3848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:28:47.0250 3848 NdisWan - ok
20:28:47.0296 3848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:28:47.0375 3848 NDProxy - ok
20:28:47.0421 3848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:28:47.0593 3848 NetBIOS - ok
20:28:47.0640 3848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:28:47.0828 3848 NetBT - ok
20:28:47.0875 3848 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:28:48.0046 3848 NetDDE - ok
20:28:48.0062 3848 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:28:48.0218 3848 NetDDEdsdm - ok
20:28:48.0265 3848 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:48.0437 3848 Netlogon - ok
20:28:48.0484 3848 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:28:48.0687 3848 Netman - ok
20:28:48.0796 3848 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:28:48.0828 3848 NetTcpPortSharing - ok
20:28:48.0890 3848 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:28:48.0937 3848 Nla - ok
20:28:48.0968 3848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:28:49.0156 3848 Npfs - ok
20:28:49.0218 3848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:28:49.0437 3848 Ntfs - ok
20:28:49.0484 3848 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:28:49.0640 3848 NtLmSsp - ok
20:28:49.0703 3848 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:28:49.0937 3848 NtmsSvc - ok
20:28:49.0968 3848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:28:50.0187 3848 Null - ok
20:28:50.0234 3848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:28:50.0453 3848 NwlnkFlt - ok
20:28:50.0484 3848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:28:50.0671 3848 NwlnkFwd - ok
20:28:50.0781 3848 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:28:50.0812 3848 ose - ok
20:28:50.0859 3848 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
20:28:51.0046 3848 P3 - ok
20:28:51.0265 3848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:28:51.0687 3848 Parport - ok
20:28:52.0015 3848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:28:52.0562 3848 PartMgr - ok
20:28:52.0609 3848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:28:52.0921 3848 ParVdm - ok
20:28:52.0968 3848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:28:53.0187 3848 PCI - ok
20:28:53.0203 3848 PCIDump - ok
20:28:53.0250 3848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:28:53.0812 3848 PCIIde - ok
20:28:53.0937 3848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:28:54.0187 3848 Pcmcia - ok
20:28:54.0187 3848 PDCOMP - ok
20:28:54.0203 3848 PDFRAME - ok
20:28:54.0218 3848 PDRELI - ok
20:28:54.0250 3848 PDRFRAME - ok
20:28:54.0312 3848 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
20:28:54.0375 3848 pepifilter - ok
20:28:54.0390 3848 perc2 - ok
20:28:54.0421 3848 perc2hib - ok
20:28:54.0578 3848 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
20:28:54.0781 3848 PID_08A0 - ok
20:28:55.0140 3848 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:28:55.0218 3848 PlugPlay - ok
20:28:55.0265 3848 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:55.0453 3848 PolicyAgent - ok
20:28:55.0515 3848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:28:55.0734 3848 PptpMiniport - ok
20:28:55.0796 3848 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:28:55.0984 3848 Processor - ok
20:28:56.0000 3848 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:56.0171 3848 ProtectedStorage - ok
20:28:56.0234 3848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:28:56.0421 3848 PSched - ok
20:28:56.0500 3848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:28:56.0703 3848 Ptilink - ok
20:28:56.0718 3848 ql1080 - ok
20:28:56.0734 3848 Ql10wnt - ok
20:28:56.0750 3848 ql12160 - ok
20:28:56.0765 3848 ql1240 - ok
20:28:56.0781 3848 ql1280 - ok
20:28:56.0875 3848 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:28:57.0046 3848 RasAcd - ok
20:28:57.0125 3848 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:28:57.0328 3848 RasAuto - ok
20:28:57.0406 3848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:28:57.0609 3848 Rasl2tp - ok
20:28:57.0656 3848 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:28:57.0859 3848 RasMan - ok
20:28:57.0937 3848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:28:58.0125 3848 RasPppoe - ok
20:28:58.0171 3848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:28:58.0390 3848 Raspti - ok
20:28:58.0421 3848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:28:58.0640 3848 Rdbss - ok
20:28:58.0671 3848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:28:58.0906 3848 RDPCDD - ok
20:28:58.0953 3848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:28:59.0140 3848 rdpdr - ok
20:28:59.0218 3848 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:28:59.0312 3848 RDPWD - ok
20:28:59.0437 3848 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:28:59.0703 3848 RDSessMgr - ok
20:28:59.0750 3848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:28:59.0968 3848 redbook - ok
20:29:00.0000 3848 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:29:00.0187 3848 RemoteAccess - ok
20:29:00.0234 3848 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:29:00.0437 3848 RemoteRegistry - ok
20:29:00.0484 3848 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
20:29:00.0656 3848 RpcLocator - ok
20:29:00.0734 3848 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:29:00.0796 3848 RpcSs - ok
20:29:00.0843 3848 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
20:29:01.0062 3848 RSVP - ok
20:29:01.0109 3848 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:01.0265 3848 SamSs - ok
20:29:01.0312 3848 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:29:01.0531 3848 SCardSvr - ok
20:29:01.0625 3848 SCDEmu (91f8ecfe09ae8ad46a3ef012d32b14bc) C:\WINDOWS\system32\drivers\SCDEmu.sys
20:29:01.0656 3848 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
20:29:01.0656 3848 SCDEmu - detected UnsignedFile.Multi.Generic (1)
20:29:01.0765 3848 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:29:01.0953 3848 Schedule - ok
20:29:02.0031 3848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:29:02.0234 3848 Secdrv - ok
20:29:02.0390 3848 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:29:02.0578 3848 seclogon - ok
20:29:02.0843 3848 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:29:03.0015 3848 SENS - ok
20:29:03.0187 3848 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:29:03.0375 3848 serenum - ok
20:29:03.0500 3848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:29:03.0718 3848 Serial - ok
20:29:03.0812 3848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:29:04.0000 3848 Sfloppy - ok
20:29:04.0078 3848 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:29:04.0312 3848 SharedAccess - ok
20:29:04.0359 3848 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:04.0406 3848 ShellHWDetection - ok
20:29:04.0421 3848 Simbad - ok
20:29:04.0515 3848 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:29:04.0703 3848 SLIP - ok
20:29:04.0781 3848 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
20:29:04.0843 3848 smwdm - ok
20:29:04.0859 3848 Sparrow - ok
20:29:04.0890 3848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:29:05.0078 3848 splitter - ok
20:29:05.0171 3848 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:29:05.0296 3848 Spooler - ok
20:29:05.0453 3848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:29:05.0687 3848 sr - ok
20:29:06.0265 3848 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:29:06.0515 3848 srservice - ok
20:29:07.0421 3848 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:29:07.0546 3848 Srv - ok
20:29:08.0218 3848 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:29:08.0421 3848 SSDPSRV - ok
20:29:09.0359 3848 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:29:09.0593 3848 stisvc - ok
20:29:11.0140 3848 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:29:11.0359 3848 streamip - ok
20:29:11.0390 3848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:29:11.0625 3848 swenum - ok
20:29:11.0703 3848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:29:12.0140 3848 swmidi - ok
20:29:12.0140 3848 SwPrv - ok
20:29:12.0250 3848 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
20:29:12.0500 3848 symc810 - ok
20:29:12.0531 3848 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
20:29:12.0734 3848 symc8xx - ok
20:29:12.0781 3848 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\System32\DRIVERS\symmpi.sys
20:29:12.0843 3848 Symmpi ( UnsignedFile.Multi.Generic ) - warning
20:29:12.0843 3848 Symmpi - detected UnsignedFile.Multi.Generic (1)
20:29:12.0890 3848 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
20:29:13.0203 3848 sym_hi - ok
20:29:13.0250 3848 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
20:29:13.0593 3848 sym_u3 - ok
20:29:13.0671 3848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:29:13.0859 3848 sysaudio - ok
20:29:13.0906 3848 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:29:14.0093 3848 SysmonLog - ok
20:29:14.0156 3848 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:29:14.0375 3848 TapiSrv - ok
20:29:14.0437 3848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:29:14.0515 3848 Tcpip - ok
20:29:14.0562 3848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:29:14.0734 3848 TDPIPE - ok
20:29:14.0750 3848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:29:14.0937 3848 TDTCP - ok
20:29:14.0984 3848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:29:15.0171 3848 TermDD - ok
20:29:15.0218 3848 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:29:15.0421 3848 TermService - ok
20:29:15.0500 3848 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:15.0515 3848 Themes - ok
20:29:15.0562 3848 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
20:29:15.0750 3848 TlntSvr - ok
20:29:15.0765 3848 TosIde - ok
20:29:15.0828 3848 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:29:16.0000 3848 TrkWks - ok
20:29:16.0062 3848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:29:16.0250 3848 Udfs - ok
20:29:16.0265 3848 ultra - ok
20:29:16.0328 3848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:29:16.0562 3848 Update - ok
20:29:16.0609 3848 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:29:16.0796 3848 upnphost - ok
20:29:16.0828 3848 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:29:17.0000 3848 UPS - ok
20:29:17.0062 3848 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:29:17.0125 3848 USBAAPL - ok
20:29:17.0171 3848 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:29:17.0375 3848 usbaudio - ok
20:29:17.0406 3848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:29:17.0578 3848 usbccgp - ok
20:29:17.0609 3848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:29:17.0796 3848 usbehci - ok
20:29:17.0828 3848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:29:18.0015 3848 usbhub - ok
20:29:18.0062 3848 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:29:18.0390 3848 usbprint - ok
20:29:18.0421 3848 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:29:18.0593 3848 usbscan - ok
20:29:18.0640 3848 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:29:18.0828 3848 USBSTOR - ok
20:29:18.0859 3848 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:29:19.0046 3848 usbuhci - ok
20:29:19.0078 3848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:29:19.0234 3848 VgaSave - ok
20:29:19.0281 3848 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
20:29:19.0437 3848 ViaIde - ok
20:29:19.0484 3848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:29:19.0656 3848 VolSnap - ok
20:29:19.0718 3848 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:29:19.0906 3848 VSS - ok
20:29:19.0953 3848 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:29:20.0140 3848 W32Time - ok
20:29:20.0187 3848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:29:20.0359 3848 Wanarp - ok
20:29:20.0375 3848 WDICA - ok
20:29:20.0406 3848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:29:20.0593 3848 wdmaud - ok
20:29:20.0640 3848 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:29:20.0828 3848 WebClient - ok
20:29:20.0921 3848 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:29:21.0109 3848 winmgmt - ok
20:29:21.0281 3848 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:29:21.0375 3848 WLSetupSvc - ok
20:29:21.0421 3848 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:29:21.0484 3848 WmdmPmSN - ok
20:29:21.0546 3848 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:29:21.0640 3848 Wmi - ok
20:29:21.0703 3848 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:29:21.0875 3848 WmiApSrv - ok
20:29:21.0984 3848 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:29:22.0093 3848 WMPNetworkSvc - ok
20:29:22.0187 3848 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:29:22.0406 3848 WS2IFSL - ok
20:29:22.0453 3848 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:29:22.0640 3848 wscsvc - ok
20:29:22.0687 3848 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:29:22.0875 3848 WSTCODEC - ok
20:29:22.0921 3848 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:29:23.0093 3848 wuauserv - ok
20:29:23.0140 3848 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:29:23.0187 3848 WudfPf - ok
20:29:23.0218 3848 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:29:23.0265 3848 WudfSvc - ok
20:29:23.0328 3848 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:29:23.0562 3848 WZCSVC - ok
20:29:23.0625 3848 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:29:23.0781 3848 xmlprov - ok
20:29:23.0843 3848 {6080A529-897E-4629-A488-ABA0C29B635E} (3ee36328e860fbf102b54608a055c6be) C:\WINDOWS\system32\drivers\ialmsbw.sys
20:29:23.0890 3848 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
20:29:23.0937 3848 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (17f39a1916733ed228eb46ad67c35426) C:\WINDOWS\system32\drivers\ialmkchw.sys
20:29:23.0984 3848 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
20:29:24.0000 3848 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:24.0546 3848 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:29:24.0546 3848 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:29:24.0562 3848 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:29:25.0093 3848 \Device\Harddisk1\DR1 - ok
20:29:25.0093 3848 Boot (0x1200) (94470a9ba795b89879bcc4d6b282b276) \Device\Harddisk0\DR0\Partition0
20:29:25.0093 3848 \Device\Harddisk0\DR0\Partition0 - ok
20:29:25.0109 3848 Boot (0x1200) (4cadfca791ca63a414e0790bf27b2f15) \Device\Harddisk1\DR1\Partition0
20:29:25.0109 3848 \Device\Harddisk1\DR1\Partition0 - ok
20:29:25.0125 3848 ============================================================
20:29:25.0125 3848 Scan finished
20:29:25.0125 3848 ============================================================
20:29:25.0250 3696 Detected object count: 9
20:29:25.0250 3696 Actual detected object count: 9
20:30:05.0734 3696 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:30:06.0000 3696 Backup copy found, using it..
20:30:06.0109 3696 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:30:06.0109 3696 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:30:06.0109 3696 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0109 3696 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0125 3696 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0125 3696 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0125 3696 Halt ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0125 3696 Halt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0125 3696 HaltMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0125 3696 HaltMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0140 3696 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0140 3696 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0140 3696 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0140 3696 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0140 3696 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
20:30:06.0156 3696 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:06.0156 3696 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:30:06.0156 3696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


RogueKiller V7.6.0 [06/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Michelle [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/27/2012 20:48:30

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] SFlyStudio.exe -- C:\Documents and Settings\Michelle\Desktop\Studio\BIN\SFlyStudio.exe -> KILLED [TermProc]
[SUSP PATH] SmileboxTray.exe -- C:\Documents and Settings\Michelle\Application Data\Smilebox\SmileboxTray.exe -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 27 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 58 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt



OTL logfile created on: 6/27/2012 8:52:14 PM - Run 4
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 71.80% Memory free
2.09 Gb Paging File | 1.73 Gb Available in Paging File | 82.77% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.81 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 3.58 Gb Free Space | 9.60% Space Free | Partition Type: FAT32

Computer Name: HOMEPC3 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 19:25:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/19 14:50:22 | 000,993,280 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/31 16:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 16:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/16 19:07:27 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/10/01 15:39:06 | 000,045,056 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Soccerwinners\Halt\Halt.exe -- (Halt)
SRV - [2007/10/01 15:39:06 | 000,020,480 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Soccerwinners\Halt\HaltMonitor.exe -- (HaltMonitor)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rick\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2012/06/27 20:37:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19B62B28-0556-4437-A4FA-3BB0D682AE47}\MpKsl3e251709.sys -- (MpKsl3e251709)
DRV - [2006/05/20 04:15:25 | 000,030,588 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/05/27 03:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 03:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 03:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/03 23:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2003/05/15 18:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\SearchScopes,DefaultScope = {993686DF-984A-47D9-83CF-F544570F72F3}
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\SearchScopes\{993686DF-984A-47D9-83CF-F544570F72F3}: "URL" = http://www.google.ca...1I7GPEA_enCA304
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\SearchScopes\{A586AAFC-3D30-49C0-B007-B18586008F31}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...4&ctid=CT340574
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Michelle\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Michelle\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Michelle\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2012/06/26 19:55:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007..\Run: [ShutterflyStudio] C:\Documents and Settings\Michelle\Desktop\Studio\BIN\SFlyStudio.exe ()
O4 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007..\Run: [SmileboxTray] C:\Documents and Settings\Michelle\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://securedoc.sa...wer.com/qp2.cab (QuickPlace Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1179431535093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1180668558656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} file:///C:/Documents%20and%20Settings/Michelle/Application%20Data/Smilebox/OzDesktopImporter.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.walmartph...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} https://access.rcsd....ies/instweb.cab (CSD ActiveX Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 65.87.230.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DEE6D3E-36FF-49A0-A898-A6C153E5FD93}: DhcpNameServer = 208.67.222.222 208.67.220.220 65.87.230.4
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/21 06:18:12 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 20:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\RK_Quarantine
[2012/06/27 20:36:46 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2012/06/27 20:30:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/26 19:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/26 17:53:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/26 17:53:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/26 17:53:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/26 17:53:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/26 17:52:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 16:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 16:56:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/18 21:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\Copy of K4J Get Moving Games
[2012/06/18 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\Data Recovery
[2012/06/18 20:26:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michelle\Recent
[2012/06/06 12:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/06/03 20:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/03 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/03 20:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/06/03 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/03 20:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/03 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 20:42:56 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/27 20:37:06 | 000,468,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/27 20:37:06 | 000,079,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/27 20:36:00 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\google.url
[2012/06/27 20:35:46 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8194FAB8-47E9-45C7-824B-B5F660D581C0}.job
[2012/06/27 20:34:50 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/27 20:34:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 20:32:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/27 20:32:46 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 20:07:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 19:55:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/26 17:36:37 | 001,535,488 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\RogueKiller.exe
[2012/06/25 18:32:23 | 000,000,005 | ---- | M] () -- C:\test.bat
[2012/06/23 13:45:26 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2012/06/23 13:45:26 | 000,000,232 | ---- | M] () -- C:\sqmdata17.sqm
[2012/06/20 19:25:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2012/06/18 20:30:00 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/18 20:30:00 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Data_Recovery.lnk
[2012/06/13 05:17:05 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/12 21:06:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/06 12:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/03 20:17:24 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/31 13:28:02 | 000,149,361 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\shiki
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 20:36:46 | 001,535,488 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\RogueKiller.exe
[2012/06/27 20:35:39 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\google.url
[2012/06/26 17:53:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/26 17:53:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/26 17:53:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/26 17:53:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/26 17:53:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/25 18:32:05 | 000,000,005 | ---- | C] () -- C:\test.bat
[2012/06/23 13:45:26 | 000,000,244 | ---- | C] () -- C:\sqmnoopt18.sqm
[2012/06/23 13:45:26 | 000,000,232 | ---- | C] () -- C:\sqmdata17.sqm
[2012/06/22 20:50:01 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2012/06/22 20:50:01 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/22 20:50:01 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/06/22 20:50:00 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2003.lnk
[2012/06/22 20:49:58 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/22 20:49:58 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/06/21 21:54:35 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/18 20:30:00 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/18 20:30:00 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Data_Recovery.lnk
[2012/06/03 20:17:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/03 19:51:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/31 13:28:00 | 000,149,361 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\shiki
[2011/09/15 22:04:01 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/02 17:25:14 | 000,080,808 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 14:50:41 | 000,001,664 | -H-- | C] () -- C:\WINDOWS\lsrslt.ini

========== LOP Check ==========

[2007/06/24 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/21 20:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/07 16:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/02/08 23:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/05/27 16:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/07/09 18:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2010/12/28 23:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/19 21:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew and Caleb\Application Data\iScreensaver
[2010/04/26 13:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew and Caleb\Application Data\pdf995
[2008/09/10 21:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Aim
[2007/11/06 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Canon
[2011/04/12 15:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Cisco
[2009/08/31 19:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/21 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Facebook
[2010/05/21 20:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2010/04/19 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\LEGO Company
[2007/07/02 20:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Shutterfly
[2012/06/23 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Smilebox
[2009/07/11 22:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Template
[2009/11/19 16:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Unity
[2007/06/07 22:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\.BitTornado
[2011/08/27 20:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\calibre
[2011/10/10 12:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Canon
[2007/06/08 21:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\IsolatedStorage
[2009/02/25 21:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\muvee Technologies
[2010/07/14 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\OpenDNS Updater
[2007/09/16 19:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\pdf995
[2008/08/23 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Regen
[2009/01/25 16:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Sparx Systems
[2012/06/10 17:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\uTorrent
[2012/06/27 20:35:46 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8194FAB8-47E9-45C7-824B-B5F660D581C0}.job

========== Purity Check ==========



< End of report >

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the atapi file is now fixed... Michelle should have the icons and menus back now. And you were right, that is the user that got the original infection.

First, could you re-run TDSSKiller with the same parameters as before, and when you see this element select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Now to remove the bits from this user. Once done, could you let me know if all users are behaving themselves with no problems/errors.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O7 - HKU\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    [2012/06/18 20:30:00 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/06/18 20:30:00 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Data_Recovery.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


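The OTL fix above lifts two Data_Recovery.lnk entries straight out of the "Files Modified" listing, which is how these logs are read in practice: recently changed files with no company name in the drive root or a user profile get looked at first. As an added example (not part of this thread, and not OTL's own code), here is a small Python parser for that OTL entry format with a triage pass implementing that reading; the sample lines are copied from the log posted above, while the cutoff date and the root-file allowlist are assumptions.

```python
"""Parse and triage OTL "Files Created / Files Modified" entries.

Added example for this thread; not part of OTL or of the posts above. Entry
format, taken from the log posted above:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
The "(Company)" field is absent in the LOP Check section, so it is optional.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)

# Sample input: lines copied from the OTL log posted above, plus OTL's own
# *.tmp summary line, which the parser must skip.
SAMPLE_LOG = r"""
[2012/06/27 20:32:46 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 19:55:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/25 18:32:23 | 000,000,005 | ---- | M] () -- C:\test.bat
[2012/06/20 19:25:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2012/06/18 20:30:00 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Data_Recovery.lnk
[2011/09/15 22:04:01 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/06/24 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# Files that legitimately sit hidden/system in the drive root of Windows XP
# (assumed allowlist; extend it from a clean baseline of your own).
KNOWN_ROOT_FILES = {"hiberfil.sys", "pagefile.sys", "boot.ini", "ntldr", "ntdetect.com"}

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str    # four slots R, H, S, D; '-' when that attribute is clear
    kind: str     # 'C' = created, 'M' = modified
    company: str  # '' when OTL printed "()" or omitted the field
    path: str

    @property
    def hidden(self) -> bool: return "H" in self.attrs
    @property
    def system(self) -> bool: return "S" in self.attrs
    @property
    def is_dir(self) -> bool: return "D" in self.attrs
    @property
    def name(self) -> str: return self.path.rsplit("\\", 1)[-1]

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),  # "1601,753,088" -> 1601753088
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )

def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

def triage(entries: List[OtlEntry], since: datetime) -> List[OtlEntry]:
    """Entries worth a human look: changed on/after `since` and either
    (a) no company name in the drive root or a user profile, or
    (b) hidden/system outside the Windows directory. A heuristic, not a verdict."""
    flagged = []
    for e in entries:
        if e.is_dir or e.timestamp < since:
            continue
        low = e.path.lower()
        in_root = e.path.count("\\") == 1  # e.g. C:\test.bat
        in_profile = low.startswith("c:\\documents and settings\\")
        in_windir = low.startswith("c:\\windows\\")
        if in_root and e.name.lower() in KNOWN_ROOT_FILES:
            continue
        if (not e.company and (in_root or in_profile)) or (
                (e.hidden or e.system) and not in_windir):
            flagged.append(e)
    return flagged

def demo(since: datetime = datetime(2012, 6, 1)) -> List[str]:
    """Run the sample through the triage; print and return flagged names."""
    flagged = triage(parse_log(SAMPLE_LOG), since)
    for e in flagged:
        print(f"{e.timestamp:%Y-%m-%d %H:%M} {e.kind} {e.attrs} {e.size:>10} {e.path}")
    return [e.name for e in flagged]

if __name__ == "__main__":
    demo()
```

On the sample above, the triage surfaces C:\test.bat and the Data_Recovery.lnk shortcut and leaves hiberfil.sys, the hosts file and OTL.exe alone; real logs need the allowlist and cutoff tuned to the machine.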
#21
Rick1974

    Member

  • Topic Starter
  • Member
  • 23 posts
Re-ran TDSSKiller. Log is below.
Ran the OTL fix. Log is below. After reboot, Michelle's desktop shortcuts reappeared. The desktop background was set to none (it used to be Bliss), so I changed that back manually.

Ran the OTL quick scan. Log is below.

Michelle's Start Menu still appears unusual.
- The pinned Internet Explorer shortcut is now Internet Explorer (No Add-ons)
- Several shortcuts/folders are missing: My Documents, My Recent Documents, My Pictures, My Music, My Computer, My Network Places, Control Panel, Set Program Access and Defaults, Printers and Faxes, Help and Support, Search, Run


17:22:32.0328 3632 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
17:22:32.0750 3632 ============================================================
17:22:32.0750 3632 Current date / time: 2012/06/28 17:22:32.0750
17:22:32.0750 3632 SystemInfo:
17:22:32.0750 3632
17:22:32.0750 3632 OS Version: 5.1.2600 ServicePack: 3.0
17:22:32.0750 3632 Product type: Workstation
17:22:32.0750 3632 ComputerName: HOMEPC3
17:22:32.0750 3632 UserName: Michelle
17:22:32.0750 3632 Windows directory: C:\WINDOWS
17:22:32.0750 3632 System windows directory: C:\WINDOWS
17:22:32.0750 3632 Processor architecture: Intel x86
17:22:32.0750 3632 Number of processors: 1
17:22:32.0750 3632 Page size: 0x1000
17:22:32.0750 3632 Boot type: Normal boot
17:22:32.0750 3632 ============================================================
17:22:34.0765 3632 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:22:34.0828 3632 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:22:34.0828 3632 ============================================================
17:22:34.0828 3632 \Device\Harddisk0\DR0:
17:22:34.0828 3632 MBR partitions:
17:22:34.0828 3632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
17:22:34.0828 3632 \Device\Harddisk1\DR1:
17:22:34.0828 3632 MBR partitions:
17:22:34.0828 3632 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A89182
17:22:34.0828 3632 ============================================================
17:22:34.0859 3632 C: <-> \Device\Harddisk0\DR0\Partition0
17:22:34.0859 3632 E: <-> \Device\Harddisk1\DR1\Partition0
17:22:34.0859 3632 ============================================================
17:22:34.0859 3632 Initialize success
17:22:34.0859 3632 ============================================================
17:22:48.0843 0576 ============================================================
17:22:48.0843 0576 Scan started
17:22:48.0843 0576 Mode: Manual; SigCheck; TDLFS;
17:22:48.0843 0576 ============================================================
17:22:49.0281 0576 Abiosdsk - ok
17:22:49.0312 0576 abp480n5 - ok
17:22:49.0312 0576 ac97intc - ok
17:22:49.0390 0576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:22:50.0656 0576 ACPI - ok
17:22:50.0687 0576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:22:50.0906 0576 ACPIEC - ok
17:22:50.0937 0576 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
17:22:51.0171 0576 adpu160m - ok
17:22:51.0203 0576 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\System32\DRIVERS\adpu320.sys
17:22:51.0234 0576 adpu320 ( UnsignedFile.Multi.Generic ) - warning
17:22:51.0234 0576 adpu320 - detected UnsignedFile.Multi.Generic (1)
17:22:51.0281 0576 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
17:22:51.0343 0576 aeaudio - ok
17:22:51.0406 0576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:22:51.0593 0576 aec - ok
17:22:51.0640 0576 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:22:51.0718 0576 AFD - ok
17:22:51.0718 0576 Aha154x - ok
17:22:51.0781 0576 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
17:22:51.0984 0576 aic78u2 - ok
17:22:52.0015 0576 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
17:22:52.0234 0576 aic78xx - ok
17:22:52.0281 0576 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:22:52.0468 0576 Alerter - ok
17:22:52.0500 0576 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:22:52.0687 0576 ALG - ok
17:22:52.0703 0576 AliIde - ok
17:22:52.0718 0576 amsint - ok
17:22:52.0843 0576 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:22:52.0875 0576 Apple Mobile Device - ok
17:22:52.0937 0576 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:22:53.0125 0576 AppMgmt - ok
17:22:53.0140 0576 asc - ok
17:22:53.0156 0576 asc3350p - ok
17:22:53.0171 0576 asc3550 - ok
17:22:53.0312 0576 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:22:53.0328 0576 aspnet_state - ok
17:22:53.0359 0576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:22:53.0578 0576 AsyncMac - ok
17:22:53.0625 0576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:22:53.0828 0576 atapi - ok
17:22:53.0843 0576 Atdisk - ok
17:22:53.0875 0576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:22:54.0078 0576 Atmarpc - ok
17:22:54.0125 0576 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:22:54.0312 0576 AudioSrv - ok
17:22:54.0359 0576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:22:54.0546 0576 audstub - ok
17:22:54.0609 0576 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:22:54.0640 0576 bcm4sbxp - ok
17:22:54.0671 0576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:22:54.0875 0576 Beep - ok
17:22:54.0937 0576 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:22:55.0203 0576 BITS - ok
17:22:55.0296 0576 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:22:55.0328 0576 Bonjour Service - ok
17:22:55.0375 0576 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:22:55.0562 0576 Browser - ok
17:22:55.0703 0576 catchme - ok
17:22:55.0750 0576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:22:55.0953 0576 cbidf2k - ok
17:22:56.0031 0576 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
17:22:56.0062 0576 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
17:22:56.0062 0576 CCALib8 - detected UnsignedFile.Multi.Generic (1)
17:22:56.0125 0576 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:22:56.0296 0576 CCDECODE - ok
17:22:56.0312 0576 cd20xrnt - ok
17:22:56.0359 0576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:22:56.0578 0576 Cdaudio - ok
17:22:56.0625 0576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:22:56.0812 0576 Cdfs - ok
17:22:56.0859 0576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:22:57.0046 0576 Cdrom - ok
17:22:57.0062 0576 Changer - ok
17:22:57.0109 0576 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:22:57.0296 0576 CiSvc - ok
17:22:57.0328 0576 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:22:57.0515 0576 ClipSrv - ok
17:22:57.0656 0576 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:22:57.0687 0576 clr_optimization_v2.0.50727_32 - ok
17:22:57.0703 0576 CmdIde - ok
17:22:57.0718 0576 COMSysApp - ok
17:22:57.0734 0576 Cpqarray - ok
17:22:57.0796 0576 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:22:57.0984 0576 CryptSvc - ok
17:22:58.0000 0576 dac2w2k - ok
17:22:58.0015 0576 dac960nt - ok
17:22:58.0078 0576 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:22:58.0187 0576 DcomLaunch - ok
17:22:58.0234 0576 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:22:58.0421 0576 Dhcp - ok
17:22:58.0453 0576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:22:58.0625 0576 Disk - ok
17:22:58.0625 0576 dmadmin - ok
17:22:58.0703 0576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:22:58.0937 0576 dmboot - ok
17:22:59.0000 0576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:22:59.0203 0576 dmio - ok
17:22:59.0218 0576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:22:59.0406 0576 dmload - ok
17:22:59.0500 0576 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:22:59.0671 0576 dmserver - ok
17:22:59.0718 0576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:22:59.0890 0576 DMusic - ok
17:22:59.0984 0576 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:23:00.0062 0576 Dnscache - ok
17:23:00.0109 0576 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:23:00.0281 0576 Dot3svc - ok
17:23:00.0312 0576 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
17:23:00.0531 0576 dpti2o - ok
17:23:00.0562 0576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:23:00.0734 0576 drmkaud - ok
17:23:00.0781 0576 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:23:00.0984 0576 E100B - ok
17:23:01.0031 0576 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:23:01.0218 0576 EapHost - ok
17:23:01.0250 0576 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:23:01.0437 0576 ERSvc - ok
17:23:01.0484 0576 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:23:01.0531 0576 Eventlog - ok
17:23:01.0578 0576 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
17:23:01.0625 0576 EventSystem - ok
17:23:01.0687 0576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:23:01.0859 0576 Fastfat - ok
17:23:01.0906 0576 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:23:02.0000 0576 FastUserSwitchingCompatibility - ok
17:23:02.0046 0576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:23:02.0234 0576 Fdc - ok
17:23:02.0265 0576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:23:02.0437 0576 Fips - ok
17:23:02.0468 0576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:23:02.0640 0576 Flpydisk - ok
17:23:02.0687 0576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:23:02.0890 0576 FltMgr - ok
17:23:03.0062 0576 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:23:03.0078 0576 FontCache3.0.0.0 - ok
17:23:03.0125 0576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:23:03.0343 0576 Fs_Rec - ok
17:23:03.0375 0576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:23:03.0609 0576 Ftdisk - ok
17:23:03.0656 0576 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:23:03.0656 0576 GearAspiWDM - ok
17:23:03.0750 0576 getPlus® Helper (35a1f815962f3552066c6be4c969d297) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
17:23:03.0750 0576 getPlus® Helper - ok
17:23:03.0796 0576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:23:03.0968 0576 Gpc - ok
17:23:04.0015 0576 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
17:23:04.0062 0576 grmnusb - ok
17:23:04.0140 0576 gupdate1c95c931cacec94 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:23:04.0156 0576 gupdate1c95c931cacec94 - ok
17:23:04.0171 0576 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:23:04.0187 0576 gupdatem - ok
17:23:04.0234 0576 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:23:04.0265 0576 gusvc - ok
17:23:04.0328 0576 Halt (b636fb5126d7851789a681fb738a2a15) c:\program files\soccerwinners\halt\halt.exe
17:23:04.0343 0576 Halt ( UnsignedFile.Multi.Generic ) - warning
17:23:04.0343 0576 Halt - detected UnsignedFile.Multi.Generic (1)
17:23:04.0359 0576 HaltMonitor (8d287028886cfb7fb6770a9ff39b2c2e) c:\program files\soccerwinners\halt\haltmonitor.exe
17:23:04.0390 0576 HaltMonitor ( UnsignedFile.Multi.Generic ) - warning
17:23:04.0390 0576 HaltMonitor - detected UnsignedFile.Multi.Generic (1)
17:23:04.0468 0576 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:23:04.0656 0576 helpsvc - ok
17:23:04.0671 0576 HidServ - ok
17:23:04.0718 0576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:23:04.0890 0576 HidUsb - ok
17:23:04.0937 0576 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:23:05.0109 0576 hkmsvc - ok
17:23:05.0125 0576 hpn - ok
17:23:05.0187 0576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:23:05.0250 0576 HTTP - ok
17:23:05.0281 0576 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:23:05.0453 0576 HTTPFilter - ok
17:23:05.0468 0576 i2omgmt - ok
17:23:05.0484 0576 i2omp - ok
17:23:05.0515 0576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:23:05.0718 0576 i8042prt - ok
17:23:05.0750 0576 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
17:23:05.0906 0576 i81x - ok
17:23:05.0953 0576 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
17:23:06.0109 0576 iAimFP0 - ok
17:23:06.0140 0576 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
17:23:06.0296 0576 iAimFP1 - ok
17:23:06.0328 0576 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
17:23:06.0468 0576 iAimFP2 - ok
17:23:06.0500 0576 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
17:23:06.0640 0576 iAimFP3 - ok
17:23:06.0671 0576 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
17:23:06.0828 0576 iAimFP4 - ok
17:23:06.0859 0576 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
17:23:07.0015 0576 iAimTV0 - ok
17:23:07.0046 0576 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
17:23:07.0187 0576 iAimTV1 - ok
17:23:07.0203 0576 iAimTV2 - ok
17:23:07.0250 0576 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
17:23:07.0390 0576 iAimTV3 - ok
17:23:07.0437 0576 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
17:23:07.0562 0576 iAimTV4 - ok
17:23:07.0609 0576 ialm (a79029861cb69cd3cf4eab9ebfee32dd) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:23:07.0812 0576 ialm - ok
17:23:07.0937 0576 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:23:07.0968 0576 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:23:07.0968 0576 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:23:08.0140 0576 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:23:08.0218 0576 idsvc - ok
17:23:08.0250 0576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\IMAPI.SYS
17:23:08.0437 0576 Imapi - ok
17:23:08.0500 0576 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:23:08.0656 0576 ImapiService - ok
17:23:08.0687 0576 ini910u - ok
17:23:08.0734 0576 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
17:23:08.0906 0576 IntelIde - ok
17:23:08.0937 0576 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:23:09.0093 0576 intelppm - ok
17:23:09.0156 0576 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:23:09.0312 0576 ip6fw - ok
17:23:09.0375 0576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:23:09.0578 0576 IpFilterDriver - ok
17:23:09.0625 0576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:23:09.0781 0576 IpInIp - ok
17:23:09.0828 0576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:23:10.0015 0576 IpNat - ok
17:23:10.0140 0576 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:23:10.0218 0576 iPod Service - ok
17:23:10.0250 0576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:23:10.0437 0576 IPSec - ok
17:23:10.0500 0576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:23:10.0671 0576 IRENUM - ok
17:23:10.0718 0576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:23:10.0906 0576 isapnp - ok
17:23:11.0093 0576 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
17:23:11.0140 0576 JavaQuickStarterService - ok
17:23:11.0187 0576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:23:11.0359 0576 Kbdclass - ok
17:23:11.0406 0576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:23:11.0578 0576 kmixer - ok
17:23:11.0625 0576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:23:11.0703 0576 KSecDD - ok
17:23:11.0750 0576 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:23:11.0812 0576 lanmanserver - ok
17:23:11.0859 0576 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:23:11.0921 0576 lanmanworkstation - ok
17:23:11.0937 0576 lbrtfdc - ok
17:23:12.0015 0576 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:23:12.0187 0576 LmHosts - ok
17:23:12.0218 0576 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
17:23:12.0296 0576 LVUSBSta - ok
17:23:12.0437 0576 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:23:12.0484 0576 MDM - ok
17:23:12.0562 0576 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:23:12.0734 0576 Messenger - ok
17:23:12.0765 0576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:23:13.0000 0576 mnmdd - ok
17:23:13.0031 0576 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
17:23:13.0203 0576 mnmsrvc - ok
17:23:13.0250 0576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:23:13.0437 0576 Modem - ok
17:23:13.0468 0576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:23:13.0640 0576 Mouclass - ok
17:23:13.0687 0576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:23:13.0890 0576 mouhid - ok
17:23:13.0937 0576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:23:14.0093 0576 MountMgr - ok
17:23:14.0140 0576 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:23:14.0171 0576 MpFilter - ok
17:23:14.0359 0576 MpKsl3e251709 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19B62B28-0556-4437-A4FA-3BB0D682AE47}\MpKsl3e251709.sys
17:23:14.0375 0576 MpKsl3e251709 - ok
17:23:14.0390 0576 mraid35x - ok
17:23:14.0453 0576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:23:14.0640 0576 MRxDAV - ok
17:23:14.0703 0576 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:23:14.0796 0576 MRxSmb - ok
17:23:14.0828 0576 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
17:23:15.0015 0576 MSDTC - ok
17:23:15.0078 0576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:23:15.0250 0576 Msfs - ok
17:23:15.0265 0576 MSIServer - ok
17:23:15.0312 0576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:23:15.0484 0576 MSKSSRV - ok
17:23:15.0578 0576 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:23:15.0609 0576 MsMpSvc - ok
17:23:15.0640 0576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:23:15.0796 0576 MSPCLOCK - ok
17:23:15.0843 0576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:23:16.0015 0576 MSPQM - ok
17:23:16.0062 0576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:23:16.0218 0576 mssmbios - ok
17:23:16.0250 0576 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:23:16.0421 0576 MSTEE - ok
17:23:16.0468 0576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:23:16.0500 0576 Mup - ok
17:23:16.0546 0576 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:23:16.0734 0576 NABTSFEC - ok
17:23:16.0796 0576 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:23:16.0984 0576 napagent - ok
17:23:17.0046 0576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:23:17.0234 0576 NDIS - ok
17:23:17.0281 0576 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:23:17.0453 0576 NdisIP - ok
17:23:17.0500 0576 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:23:17.0546 0576 NdisTapi - ok
17:23:17.0609 0576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:23:17.0781 0576 Ndisuio - ok
17:23:17.0812 0576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:23:18.0015 0576 NdisWan - ok
17:23:18.0062 0576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:23:18.0109 0576 NDProxy - ok
17:23:18.0156 0576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:23:18.0328 0576 NetBIOS - ok
17:23:18.0375 0576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:23:18.0546 0576 NetBT - ok
17:23:18.0593 0576 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:23:18.0765 0576 NetDDE - ok
17:23:18.0781 0576 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:23:18.0937 0576 NetDDEdsdm - ok
17:23:18.0984 0576 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:19.0187 0576 Netlogon - ok
17:23:19.0234 0576 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:23:19.0406 0576 Netman - ok
17:23:19.0546 0576 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:23:19.0562 0576 NetTcpPortSharing - ok
17:23:19.0609 0576 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:23:19.0656 0576 Nla - ok
17:23:19.0687 0576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:23:19.0859 0576 Npfs - ok
17:23:19.0921 0576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:23:20.0140 0576 Ntfs - ok
17:23:20.0187 0576 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
17:23:20.0343 0576 NtLmSsp - ok
17:23:20.0406 0576 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:23:20.0609 0576 NtmsSvc - ok
17:23:20.0640 0576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:23:20.0843 0576 Null - ok
17:23:20.0890 0576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:23:21.0078 0576 NwlnkFlt - ok
17:23:21.0109 0576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:23:21.0296 0576 NwlnkFwd - ok
17:23:21.0406 0576 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:23:21.0437 0576 ose - ok
17:23:21.0531 0576 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
17:23:21.0703 0576 P3 - ok
17:23:21.0750 0576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:23:21.0937 0576 Parport - ok
17:23:21.0984 0576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:23:22.0171 0576 PartMgr - ok
17:23:22.0218 0576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:23:22.0437 0576 ParVdm - ok
17:23:22.0484 0576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:23:22.0671 0576 PCI - ok
17:23:22.0687 0576 PCIDump - ok
17:23:22.0734 0576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:23:22.0921 0576 PCIIde - ok
17:23:22.0968 0576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:23:23.0156 0576 Pcmcia - ok
17:23:23.0171 0576 PDCOMP - ok
17:23:23.0187 0576 PDFRAME - ok
17:23:23.0203 0576 PDRELI - ok
17:23:23.0218 0576 PDRFRAME - ok
17:23:23.0265 0576 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
17:23:23.0296 0576 pepifilter - ok
17:23:23.0312 0576 perc2 - ok
17:23:23.0328 0576 perc2hib - ok
17:23:23.0437 0576 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
17:23:23.0562 0576 PID_08A0 - ok
17:23:23.0625 0576 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:23:23.0671 0576 PlugPlay - ok
17:23:23.0718 0576 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:23.0859 0576 PolicyAgent - ok
17:23:23.0906 0576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:23:24.0109 0576 PptpMiniport - ok
17:23:24.0140 0576 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:23:24.0312 0576 Processor - ok
17:23:24.0328 0576 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:24.0484 0576 ProtectedStorage - ok
17:23:24.0546 0576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:23:24.0734 0576 PSched - ok
17:23:24.0781 0576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:23:25.0000 0576 Ptilink - ok
17:23:25.0015 0576 ql1080 - ok
17:23:25.0031 0576 Ql10wnt - ok
17:23:25.0031 0576 ql12160 - ok
17:23:25.0046 0576 ql1240 - ok
17:23:25.0062 0576 ql1280 - ok
17:23:25.0109 0576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:23:25.0296 0576 RasAcd - ok
17:23:25.0343 0576 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:23:25.0515 0576 RasAuto - ok
17:23:25.0562 0576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:23:25.0750 0576 Rasl2tp - ok
17:23:25.0796 0576 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:23:25.0984 0576 RasMan - ok
17:23:26.0046 0576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:23:26.0234 0576 RasPppoe - ok
17:23:26.0296 0576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:23:26.0500 0576 Raspti - ok
17:23:26.0531 0576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:23:26.0703 0576 Rdbss - ok
17:23:26.0750 0576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:23:26.0937 0576 RDPCDD - ok
17:23:26.0984 0576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:23:27.0171 0576 rdpdr - ok
17:23:27.0234 0576 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:23:27.0296 0576 RDPWD - ok
17:23:27.0343 0576 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:23:27.0531 0576 RDSessMgr - ok
17:23:27.0578 0576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:23:27.0765 0576 redbook - ok
17:23:27.0812 0576 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:23:27.0984 0576 RemoteAccess - ok
17:23:28.0062 0576 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:23:28.0250 0576 RemoteRegistry - ok
17:23:28.0296 0576 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
17:23:28.0468 0576 RpcLocator - ok
17:23:28.0531 0576 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:23:28.0578 0576 RpcSs - ok
17:23:28.0640 0576 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:23:28.0859 0576 RSVP - ok
17:23:28.0906 0576 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:29.0062 0576 SamSs - ok
17:23:29.0109 0576 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:23:29.0296 0576 SCardSvr - ok
17:23:29.0328 0576 SCDEmu (91f8ecfe09ae8ad46a3ef012d32b14bc) C:\WINDOWS\system32\drivers\SCDEmu.sys
17:23:29.0328 0576 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
17:23:29.0328 0576 SCDEmu - detected UnsignedFile.Multi.Generic (1)
17:23:29.0375 0576 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:23:29.0562 0576 Schedule - ok
17:23:29.0625 0576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:23:29.0781 0576 Secdrv - ok
17:23:29.0828 0576 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:23:30.0000 0576 seclogon - ok
17:23:30.0031 0576 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:23:30.0203 0576 SENS - ok
17:23:30.0234 0576 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:23:30.0406 0576 serenum - ok
17:23:30.0453 0576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:23:30.0640 0576 Serial - ok
17:23:30.0687 0576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:23:30.0859 0576 Sfloppy - ok
17:23:30.0921 0576 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:23:31.0140 0576 SharedAccess - ok
17:23:31.0187 0576 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:23:31.0234 0576 ShellHWDetection - ok
17:23:31.0250 0576 Simbad - ok
17:23:31.0296 0576 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:23:31.0468 0576 SLIP - ok
17:23:31.0546 0576 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
17:23:31.0609 0576 smwdm - ok
17:23:31.0625 0576 Sparrow - ok
17:23:31.0671 0576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:23:31.0843 0576 splitter - ok
17:23:31.0890 0576 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:23:31.0953 0576 Spooler - ok
17:23:32.0031 0576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:23:32.0218 0576 sr - ok
17:23:32.0265 0576 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:23:32.0437 0576 srservice - ok
17:23:32.0500 0576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:23:32.0609 0576 Srv - ok
17:23:32.0625 0576 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:23:32.0828 0576 SSDPSRV - ok
17:23:32.0859 0576 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:23:33.0078 0576 stisvc - ok
17:23:33.0140 0576 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:23:33.0312 0576 streamip - ok
17:23:33.0343 0576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:23:33.0515 0576 swenum - ok
17:23:33.0546 0576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:23:33.0718 0576 swmidi - ok
17:23:33.0718 0576 SwPrv - ok
17:23:33.0765 0576 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
17:23:33.0984 0576 symc810 - ok
17:23:34.0015 0576 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
17:23:34.0218 0576 symc8xx - ok
17:23:34.0250 0576 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\System32\DRIVERS\symmpi.sys
17:23:34.0281 0576 Symmpi ( UnsignedFile.Multi.Generic ) - warning
17:23:34.0281 0576 Symmpi - detected UnsignedFile.Multi.Generic (1)
17:23:34.0312 0576 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
17:23:34.0500 0576 sym_hi - ok
17:23:34.0531 0576 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
17:23:34.0734 0576 sym_u3 - ok
17:23:34.0765 0576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:23:34.0937 0576 sysaudio - ok
17:23:34.0984 0576 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:23:35.0187 0576 SysmonLog - ok
17:23:35.0281 0576 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:23:35.0468 0576 TapiSrv - ok
17:23:35.0531 0576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:23:35.0609 0576 Tcpip - ok
17:23:35.0687 0576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:23:35.0859 0576 TDPIPE - ok
17:23:35.0890 0576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:23:36.0062 0576 TDTCP - ok
17:23:36.0109 0576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:23:36.0296 0576 TermDD - ok
17:23:36.0359 0576 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:23:36.0546 0576 TermService - ok
17:23:36.0593 0576 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:23:36.0609 0576 Themes - ok
17:23:36.0656 0576 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
17:23:36.0843 0576 TlntSvr - ok
17:23:36.0859 0576 TosIde - ok
17:23:36.0906 0576 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:23:37.0078 0576 TrkWks - ok
17:23:37.0140 0576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:23:37.0328 0576 Udfs - ok
17:23:37.0328 0576 ultra - ok
17:23:37.0390 0576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:23:37.0609 0576 Update - ok
17:23:37.0671 0576 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:23:37.0843 0576 upnphost - ok
17:23:37.0875 0576 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:23:38.0046 0576 UPS - ok
17:23:38.0093 0576 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:23:38.0156 0576 USBAAPL - ok
17:23:38.0187 0576 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:23:38.0390 0576 usbaudio - ok
17:23:38.0421 0576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:23:38.0593 0576 usbccgp - ok
17:23:38.0625 0576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:23:38.0796 0576 usbehci - ok
17:23:38.0828 0576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:23:39.0000 0576 usbhub - ok
17:23:39.0046 0576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:23:39.0218 0576 usbprint - ok
17:23:39.0250 0576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:23:39.0421 0576 usbscan - ok
17:23:39.0484 0576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:23:39.0656 0576 USBSTOR - ok
17:23:39.0687 0576 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:23:39.0859 0576 usbuhci - ok
17:23:39.0890 0576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:23:40.0031 0576 VgaSave - ok
17:23:40.0078 0576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
17:23:40.0234 0576 ViaIde - ok
17:23:40.0296 0576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:23:40.0468 0576 VolSnap - ok
17:23:40.0531 0576 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:23:40.0781 0576 VSS - ok
17:23:40.0843 0576 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:23:41.0015 0576 W32Time - ok
17:23:41.0062 0576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:23:41.0234 0576 Wanarp - ok
17:23:41.0250 0576 WDICA - ok
17:23:41.0296 0576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:23:41.0484 0576 wdmaud - ok
17:23:41.0562 0576 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:23:41.0750 0576 WebClient - ok
17:23:41.0859 0576 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:23:42.0031 0576 winmgmt - ok
17:23:42.0187 0576 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
17:23:42.0234 0576 WLSetupSvc - ok
17:23:42.0281 0576 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:23:42.0343 0576 WmdmPmSN - ok
17:23:42.0437 0576 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:23:42.0500 0576 Wmi - ok
17:23:42.0609 0576 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:23:42.0781 0576 WmiApSrv - ok
17:23:42.0890 0576 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:23:43.0000 0576 WMPNetworkSvc - ok
17:23:43.0109 0576 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:23:43.0328 0576 WS2IFSL - ok
17:23:43.0359 0576 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:23:43.0546 0576 wscsvc - ok
17:23:43.0609 0576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:23:43.0781 0576 WSTCODEC - ok
17:23:43.0812 0576 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:23:43.0984 0576 wuauserv - ok
17:23:44.0031 0576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:23:44.0093 0576 WudfPf - ok
17:23:44.0125 0576 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:23:44.0156 0576 WudfSvc - ok
17:23:44.0234 0576 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:23:44.0468 0576 WZCSVC - ok
17:23:44.0531 0576 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:23:44.0718 0576 xmlprov - ok
17:23:44.0781 0576 {6080A529-897E-4629-A488-ABA0C29B635E} (3ee36328e860fbf102b54608a055c6be) C:\WINDOWS\system32\drivers\ialmsbw.sys
17:23:44.0828 0576 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
17:23:44.0875 0576 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (17f39a1916733ed228eb46ad67c35426) C:\WINDOWS\system32\drivers\ialmkchw.sys
17:23:44.0921 0576 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
17:23:44.0937 0576 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:23:45.0453 0576 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:23:45.0453 0576 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:23:45.0484 0576 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:23:46.0000 0576 \Device\Harddisk1\DR1 - ok
17:23:46.0015 0576 Boot (0x1200) (94470a9ba795b89879bcc4d6b282b276) \Device\Harddisk0\DR0\Partition0
17:23:46.0015 0576 \Device\Harddisk0\DR0\Partition0 - ok
17:23:46.0031 0576 Boot (0x1200) (4cadfca791ca63a414e0790bf27b2f15) \Device\Harddisk1\DR1\Partition0
17:23:46.0031 0576 \Device\Harddisk1\DR1\Partition0 - ok
17:23:46.0031 0576 ============================================================
17:23:46.0031 0576 Scan finished
17:23:46.0031 0576 ============================================================
17:23:46.0140 2816 Detected object count: 8
17:23:46.0140 2816 Actual detected object count: 8
17:24:24.0437 2816 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0437 2816 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0437 2816 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0437 2816 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0437 2816 Halt ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0437 2816 Halt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0437 2816 HaltMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0437 2816 HaltMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0453 2816 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0453 2816 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0453 2816 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0453 2816 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0453 2816 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:24.0453 2816 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:24.0468 2816 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:24:24.0468 2816 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
17:24:24.0484 2816 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
17:24:24.0593 2816 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
17:24:24.0593 2816 \Device\Harddisk0\DR0\TDLFS - deleted
17:24:24.0593 2816 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2527309032-1139936588-3641913080-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2527309032-1139936588-3641913080-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2527309032-1139936588-3641913080-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\Documents and Settings\Michelle\Desktop\Data_Recovery.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michelle\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michelle\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Matthew and Caleb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 406898 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 24684 bytes

User: Michelle
->Temp folder emptied: 116795 bytes
->Temporary Internet Files folder emptied: 14274841 bytes
->Java cache emptied: 616485 bytes
->Flash cache emptied: 103830 bytes

User: NetworkService
->Temp folder emptied: 8782 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: Rick
->Temp folder emptied: 653 bytes
->Temporary Internet Files folder emptied: 10270580 bytes
->Java cache emptied: 274990 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 388781 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 129728 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22599 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.50.0 log created on 06282012_172510

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1A3B.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1A41.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1A88.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1A8E.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1AC4.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1ACA.tmp not found!
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\S8RH1F5S\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\NMS2E5Q5\page__st__15__gopid__2172221[1].txt moved successfully.
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\NMS2E5Q5\search[1].htm moved successfully.
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 6/28/2012 5:32:15 PM - Run 5
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 64.29% Memory free
2.09 Gb Paging File | 1.70 Gb Available in Paging File | 81.44% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.84 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 3.58 Gb Free Space | 9.60% Space Free | Partition Type: FAT32

Computer Name: HOMEPC3 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 19:25:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2012/05/15 10:06:46 | 000,325,448 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Smilebox\SmileboxTray.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/19 14:50:22 | 000,993,280 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\SFlyStudio.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/31 16:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 16:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\SFlyStudio.exe
MOD - [2008/05/06 18:47:32 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmslideshow.dll
MOD - [2008/05/06 18:46:28 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmopengl.dll
MOD - [2008/05/06 18:46:22 | 000,196,096 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmphotomgr.dll
MOD - [2008/05/06 18:46:06 | 000,896,000 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmwindowing.dll
MOD - [2008/05/06 18:44:44 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmdirectx.dll
MOD - [2008/05/06 18:44:38 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmimgmgr.dll
MOD - [2008/05/06 18:44:28 | 000,598,016 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmpersist.dll
MOD - [2008/05/06 18:44:10 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmbrowser.dll
MOD - [2008/05/06 18:43:54 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmimglib.dll
MOD - [2008/05/06 18:43:50 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmexiftags.dll
MOD - [2008/05/06 18:43:42 | 000,429,568 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmcommon.dll
MOD - [2008/05/06 18:43:06 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmthreading.dll
MOD - [2008/05/06 18:42:52 | 003,146,240 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\mmlangres.dll
MOD - [2008/05/05 18:58:16 | 000,383,818 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\sqlite3.dll
MOD - [2008/05/05 18:57:52 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Studio\Bin\libexpat.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/16 19:07:27 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/10/01 15:39:06 | 000,045,056 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Soccerwinners\Halt\Halt.exe -- (Halt)
SRV - [2007/10/01 15:39:06 | 000,020,480 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Soccerwinners\Halt\HaltMonitor.exe -- (HaltMonitor)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rick\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2012/06/27 20:37:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19B62B28-0556-4437-A4FA-3BB0D682AE47}\MpKsl3e251709.sys -- (MpKsl3e251709)
DRV - [2006/05/20 04:15:25 | 000,030,588 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/05/27 03:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 03:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 03:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/03 23:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2003/05/15 18:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {993686DF-984A-47D9-83CF-F544570F72F3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{993686DF-984A-47D9-83CF-F544570F72F3}: "URL" = http://www.google.ca...1I7GPEA_enCA304
IE - HKCU\..\SearchScopes\{A586AAFC-3D30-49C0-B007-B18586008F31}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...4&ctid=CT340574
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Michelle\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Michelle\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Michelle\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2012/06/28 17:25:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ShutterflyStudio] C:\Documents and Settings\Michelle\Desktop\Studio\BIN\SFlyStudio.exe ()
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Michelle\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://securedoc.sa...wer.com/qp2.cab (QuickPlace Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1179431535093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1180668558656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} file:///C:/Documents%20and%20Settings/Michelle/Application%20Data/Smilebox/OzDesktopImporter.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.walmartph...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} https://access.rcsd....ies/instweb.cab (CSD ActiveX Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 65.87.230.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DEE6D3E-36FF-49A0-A898-A6C153E5FD93}: DhcpNameServer = 208.67.222.222 208.67.220.220 65.87.230.4
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/21 06:18:12 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 17:25:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/28 17:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\tdsskiller
[2012/06/27 20:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\RK_Quarantine
[2012/06/27 20:36:46 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2012/06/27 20:30:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/26 19:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/26 17:53:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/26 17:53:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/26 17:53:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/26 17:53:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/26 17:52:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 16:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 16:56:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/18 21:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\Copy of K4J Get Moving Games
[2012/06/18 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\Data Recovery
[2012/06/18 20:26:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michelle\Recent
[2012/06/06 12:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/06/03 20:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/03 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/03 20:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/06/03 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/03 20:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/03 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/06/28 17:29:42 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/28 17:29:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 17:29:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/28 17:29:23 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 17:25:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/28 17:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 20:42:56 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/27 20:37:06 | 000,468,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/27 20:37:06 | 000,079,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/27 20:36:00 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\google.url
[2012/06/27 20:35:46 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8194FAB8-47E9-45C7-824B-B5F660D581C0}.job
[2012/06/26 17:36:37 | 001,535,488 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\RogueKiller.exe
[2012/06/25 18:32:23 | 000,000,005 | ---- | M] () -- C:\test.bat
[2012/06/23 13:45:26 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2012/06/23 13:45:26 | 000,000,232 | ---- | M] () -- C:\sqmdata17.sqm
[2012/06/20 19:25:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2012/06/13 05:17:05 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/12 21:06:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/06 12:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/03 20:17:24 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/31 13:28:02 | 000,149,361 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\shiki

========== Files Created - No Company Name ==========

[2012/06/27 20:36:46 | 001,535,488 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\RogueKiller.exe
[2012/06/27 20:35:39 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\google.url
[2012/06/26 17:53:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/26 17:53:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/26 17:53:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/26 17:53:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/26 17:53:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/25 18:32:05 | 000,000,005 | ---- | C] () -- C:\test.bat
[2012/06/23 13:45:26 | 000,000,244 | ---- | C] () -- C:\sqmnoopt18.sqm
[2012/06/23 13:45:26 | 000,000,232 | ---- | C] () -- C:\sqmdata17.sqm
[2012/06/22 20:50:01 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2012/06/22 20:50:01 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/22 20:50:01 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/06/22 20:50:00 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2003.lnk
[2012/06/22 20:49:58 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/22 20:49:58 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/06/21 21:54:35 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/03 20:17:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/03 19:51:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/31 13:28:00 | 000,149,361 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\shiki
[2011/09/15 22:04:01 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/02 17:25:14 | 000,080,808 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 14:50:41 | 000,001,664 | -H-- | C] () -- C:\WINDOWS\lsrslt.ini

========== LOP Check ==========

[2007/06/24 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/21 20:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/07 16:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/02/08 23:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/05/27 16:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/07/09 18:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2010/12/28 23:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/09/10 21:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Aim
[2007/11/06 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Canon
[2011/04/12 15:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Cisco
[2009/08/31 19:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/21 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Facebook
[2010/05/21 20:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2010/04/19 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\LEGO Company
[2007/07/02 20:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Shutterfly
[2012/06/23 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Smilebox
[2009/07/11 22:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Template
[2009/11/19 16:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Unity
[2012/06/27 20:35:46 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8194FAB8-47E9-45C7-824B-B5F660D581C0}.job

========== Purity Check ==========



< End of report >

#22
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, from the Michelle account, run the following and let me know what problems remain on completion.

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image

#23
Rick1974
    Member
  • Topic Starter
  • 23 posts
I ran the two tools but it didn't seem to make a difference.
Attached is a screenshot of the Start Menu.

desktop_img.gif

#24
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, next trick. Could you go to this MS Page and run the Fixit about a quarter of the way down? Just press the button, download and run.

Let me know if that works.

#25
Rick1974
    Member
  • Topic Starter
  • 23 posts
Ok, I ran the MS Fix It. Still the same.
I guess if I had to I could create a new user account for her and transfer her stuff over?

#26
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
That would be a quicker option. Do you know how to do that?

Meanwhile back at the ranch

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#27
Rick1974
    Member
  • Topic Starter
  • 23 posts
I've performed the clean up. I don't anticipate any problems in creating the new user account. Everything else seems to be working as expected.

Thank you so much for helping remove this virus! I really appreciated your timely and detailed instructions.

Rick

#28
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.