Windows Updater is not working

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Windows Updater is not working Can't fix

#1 Alaynora

New Member

Group: Members
Posts: 6
Joined: 08-June 11

Posted 08 June 2011 - 10:08 PM

So, a couple of months ago, I started having problems with my laptop. It's running Windows 7 home premium. Lately, it's been refusing to update at all. At first, I didn't realize what was going on since my computer didn't tell me that something wasn't working right. So far, there are approximately 24 updates that won't install. Not all of them are critical updates, however. 12 of them immediately fail, and several error codes pop up. They are: Code 800703F8, Code 80080005, and Code 8007371C. The other 12 apparently succeed to install, but when I restart my computer and it begins to reconfigure the updates, it says that the configuration has failed, and it reverts back. I googled the various codes that the updater gave me, and several different websites told me that I could have hijackware on my computer, which eventually led me to this site. Hopefully you guys can help me, because I certainly have no idea what I'm doing. Computers are beyond me. Also, I'm not sure if I'm posting all of this information correctly, so please forgive me if I look like an idiot, lol.

Here's the DDS report:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Sondra at 21:55:58 on 2011-06-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.959.153 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Boxtools\Toolbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [Boxoft Tools] "c:\programdata\boxtools\Boxofttoolbox.exe" -autorun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mife82~1\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{C507AF33-8953-4A44-88DB-F6D4A10E45C0} : DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{C507AF33-8953-4A44-88DB-F6D4A10E45C0}\2375942554330343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C507AF33-8953-4A44-88DB-F6D4A10E45C0}\2457274656E674 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C507AF33-8953-4A44-88DB-F6D4A10E45C0}\449636B6562737F6E684F6D656E45647 : DhcpNameServer = 74.128.19.102 74.128.17.114
TCP: Interfaces\{C507AF33-8953-4A44-88DB-F6D4A10E45C0}\77F6F646075636B65627 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sondra\appdata\roaming\mozilla\firefox\profiles\iuvw83ox.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-19 218176]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb20ca08c;MpKslb20ca08c;c:\programdata\microsoft\microsoft antimalware\definition updates\{805f5af6-b379-4d25-85ca-bde939e5fdb5}\MpKslb20ca08c.sys [2011-6-8 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-19 1343400]
.
=============== Created Last 30 ================
.
2011-06-09 01:32:34 -------- d-----w- C:\!KillBox
2011-06-08 16:42:44 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{805f5af6-b379-4d25-85ca-bde939e5fdb5}\MpKslb20ca08c.sys
2011-06-08 16:42:12 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{805f5af6-b379-4d25-85ca-bde939e5fdb5}\mpengine.dll
2011-06-08 16:39:07 -------- d-----w- c:\program files\Synaptics
2011-06-08 16:36:44 -------- d-----w- c:\windows\en
2011-06-08 16:32:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-08 16:29:52 94040 ----a-w- c:\program files\common files\windows live\.cache\49deac201cc25f903\DSETUP.dll
2011-06-08 16:29:52 525656 ----a-w- c:\program files\common files\windows live\.cache\49deac201cc25f903\DXSETUP.exe
2011-06-08 16:29:52 1691480 ----a-w- c:\program files\common files\windows live\.cache\49deac201cc25f903\dsetup32.dll
2011-06-08 16:29:44 94040 ----a-w- c:\program files\common files\windows live\.cache\456f1d001cc25f902\DSETUP.dll
2011-06-08 16:29:44 525656 ----a-w- c:\program files\common files\windows live\.cache\456f1d001cc25f902\DXSETUP.exe
2011-06-08 16:29:44 1691480 ----a-w- c:\program files\common files\windows live\.cache\456f1d001cc25f902\dsetup32.dll
2011-06-08 16:28:46 -------- d-----w- c:\users\sondra\appdata\local\Windows Live
2011-06-08 16:28:44 -------- d-----w- c:\program files\common files\Windows Live
2011-06-08 10:56:30 -------- d-----w- c:\windows\system32\catroot2
2011-06-07 23:58:32 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 00:41:47 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 00:33:46 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2011-06-07 00:33:43 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-06-07 00:33:40 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-06-07 00:33:40 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-06-07 00:33:39 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-06-07 00:33:39 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-06-02 01:45:49 -------- d-----w- c:\users\sondra\appdata\local\ElevatedDiagnostics
2011-06-02 00:12:58 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-06-02 00:10:39 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-02 00:10:32 -------- d-----w- c:\windows\system32\directx
2011-06-01 17:12:26 -------- d-----w- c:\program files\Activision
2011-06-01 01:02:24 217088 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2011-06-01 01:02:23 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-06-01 01:02:22 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-06-01 01:02:22 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-06-01 00:47:00 -------- d-----w- c:\program files\Vampire The Masquerade - Redemption
2011-05-21 11:26:24 -------- d-----w- c:\users\sondra\appdata\local\Hewlett-Packard
2011-05-21 11:18:21 -------- d-----w- c:\users\sondra\appdata\roaming\hpqLog
2011-05-21 11:17:30 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-05-21 11:16:30 -------- d-----w- C:\swsetup
2011-05-20 22:43:52 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cc9dc574-e059-45a4-a6c4-214391811e39}\gapaengine.dll
2011-05-16 21:06:16 1090952 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-05-16 02:19:51 -------- d-----w- c:\programdata\Boxtools
2011-05-12 19:51:33 -------- d-----w- c:\program files\MSECache
2011-05-10 23:07:58 -------- d-----w- C:\Facade
.
==================== Find3M ====================
.
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
.
============= FINISH: 21:57:49.52 ===============

Attached File(s)

ark.txt (2.08K)
Number of downloads: 2
Attach.txt (20.22K)
Number of downloads: 1

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 17 June 2011 - 10:08 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 Alaynora

New Member

Group: Members
Posts: 6
Joined: 08-June 11

Posted 17 June 2011 - 08:33 PM

Hello, and thanks so much!
Here's the RootKit Unhooker report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9343F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.67 )
0x82A39000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x948F0000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8722F000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x86E25000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9023F000 C:\Windows\system32\DRIVERS\athr.sys 1114112 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x93E32000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x87033000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x86A7A000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x97155000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9702C000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x86B25000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x86F92000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8B626000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8E514000 C:\Windows\system32\DRIVERS\nvm62x32.sys 348160 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8E4C2000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x97E0C000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8E5AF000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x94BA0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8E42A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x86C96000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x86BA4000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8E569000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x90359000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x86A38000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B755000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x873A9000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x870EA000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8B6F7000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0x970FF000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x93F47000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x93EE9000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82A02000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x86D41000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x93B89000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x87155000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8B680000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87378000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x87200000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x86F54000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x86C2D000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x86D86000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x87198000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x87128000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x86D15000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x970DC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x93FD3000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x97000000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8B600000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86DAD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x87000000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8B6B9000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94B80000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9039D000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9713A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x903B8000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x970B1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E484000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8B7BC000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x93F22000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x93FB0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x93E00000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x93E18000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x93B72000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x86C00000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x86CF6000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8E4AE000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x86A00000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x86F7F000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x903E2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B732000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x93F9E000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8B7E2000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x970CA000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x87187000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x93400000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x86D75000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x93BD7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x86C62000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x86A1F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E49D000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x8B6D8000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x93426000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x873F0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x903D2000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B745000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x86C86000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E475000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8B7D4000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8B6E9000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x86DE9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x86CE8000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x86FEF000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x93BBD000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x86B96000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x93F91000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x93BE8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x93F3A000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x93F84000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x90200000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x86E09000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8B7B0000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x93BCB000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x97E6D000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x871EF000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86C7B000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x93FF5000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x86A14000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x9341B000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x86DDE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x93FC8000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x86C17000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x86C57000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x93411000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x97E5D000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8B7A0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8B796000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x971EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E420000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x9034F000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x86D38000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x97EE3000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x86D0C000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x97EF5000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x93BF5000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x86E00000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x94B50000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x86C22000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x86BEC000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x86A30000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86C73000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8714D000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAA000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x86BF5000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x86E16000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86DCE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x86DD6000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x873E8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x87026000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x86E1E000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8701F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x86CE1000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8B6B2000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8B7AA000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D67BE469-B2ED-483D-A7BF-8097153CE4D0}\MpKsl536bd0f0.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x97E67000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D67BE469-B2ED-483D-A7BF-8097153CE4D0}\MpKsl687298e7.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x8B7F4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8B7F8000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Company, HP Tablet PC Key Button HID Driver)
0x93E2F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x93F82000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

And here's the first OTL report, called OTL.txt:

OTL logfile created on: 6/17/2011 9:18:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Sondra\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.93 Mb Total Physical Memory | 269.05 Mb Available Physical Memory | 28.06% Memory free
1.94 Gb Paging File | 1.03 Gb Available in Paging File | 52.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.52 Gb Total Space | 68.67 Gb Free Space | 49.93% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.81 Gb Free Space | 15.69% Space Free | Partition Type: NTFS

Computer Name: SONDRA-MPC | User Name: Sondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 21:17:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sondra\Downloads\OTL.exe
PRC - [2011/05/09 15:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/14 15:19:06 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 21:17:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sondra\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/16 16:56:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl536bd0f0)
DRV - [2011/06/17 21:16:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8724978-B0BE-4029-BF0A-163CD716280A}\MpKsl3b790176.sys -- (MpKsl3b790176)
DRV - [2011/01/19 20:35:36 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/01 18:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/10/09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-17941306-4185253609-2510887130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-17941306-4185253609-2510887130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-17941306-4185253609-2510887130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 29 7D 7B F7 1F CC 01 [binary data]
IE - HKU\S-1-5-21-17941306-4185253609-2510887130-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 15:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 15:15:42 | 000,000,000 | ---D | M]

[2011/01/16 15:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Extensions
[2011/05/10 15:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\extensions
[2011/02/17 16:55:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/10 15:14:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\extensions\engine@conduit.com
[2011/04/30 21:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/06 18:48:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/05/09 15:15:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 15:15:36 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-17941306-4185253609-2510887130-1000..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{192eaf65-2423-11e0-b095-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{192eaf65-2423-11e0-b095-001e68443b4a}\Shell\AutoRun\command - "" = F:\AUTORUNVAMPIRE.EXE
O33 - MountPoints2\{2500bb0e-45fa-11e0-badc-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{2500bb0e-45fa-11e0-badc-001e68443b4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 21:32:34 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/06/08 12:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/08 12:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/08 12:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/06/08 12:36:44 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/08 12:35:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/06/08 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/08 12:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/08 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Local\Windows Live
[2011/06/08 12:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/06/08 07:10:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/08 06:56:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/06/07 19:58:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/06/06 20:41:47 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/06/06 20:33:46 | 000,114,688 | ---- | C] (RICOH) -- C:\Windows\System32\RicohMediadriverVer.dll
[2011/06/06 20:33:43 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2011/06/06 20:33:40 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/06/06 20:33:40 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2011/06/06 20:33:39 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2011/06/06 20:33:39 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll
[2011/06/01 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Local\ElevatedDiagnostics
[2011/06/01 20:13:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/06/01 20:13:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/06/01 20:13:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/06/01 20:13:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/06/01 20:13:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/06/01 20:13:55 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/06/01 20:13:54 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/06/01 20:13:54 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/06/01 20:13:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/06/01 20:13:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/06/01 20:13:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/06/01 20:13:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/06/01 20:13:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/06/01 20:13:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/06/01 20:13:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/06/01 20:13:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/06/01 20:13:46 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/06/01 20:13:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/06/01 20:13:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/06/01 20:13:44 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/06/01 20:13:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/06/01 20:13:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/06/01 20:13:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/06/01 20:13:42 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/06/01 20:13:41 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/06/01 20:13:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/06/01 20:13:40 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/06/01 20:13:40 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/06/01 20:13:39 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/06/01 20:13:38 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/06/01 20:13:38 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/06/01 20:13:38 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/06/01 20:13:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/06/01 20:13:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/06/01 20:13:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/06/01 20:13:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/06/01 20:13:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/06/01 20:13:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/06/01 20:13:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/06/01 20:13:33 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/06/01 20:13:33 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/06/01 20:13:32 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/06/01 20:13:32 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/06/01 20:13:31 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/06/01 20:13:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/06/01 20:13:30 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/06/01 20:13:29 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/06/01 20:13:28 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/06/01 20:13:28 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/06/01 20:13:27 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/06/01 20:13:27 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/06/01 20:13:26 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/06/01 20:13:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/06/01 20:13:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/06/01 20:13:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/06/01 20:13:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/06/01 20:13:22 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/06/01 20:13:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/06/01 20:13:22 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/06/01 20:13:21 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/06/01 20:13:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/06/01 20:13:20 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/06/01 20:13:20 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/06/01 20:13:19 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/06/01 20:13:19 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/06/01 20:13:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/06/01 20:13:17 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/06/01 20:13:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/06/01 20:13:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/06/01 20:13:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/06/01 20:13:14 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/06/01 20:13:13 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/06/01 20:13:13 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/06/01 20:13:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/06/01 20:13:12 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/06/01 20:13:12 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/06/01 20:13:11 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/06/01 20:13:10 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/06/01 20:13:10 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/06/01 20:13:09 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/06/01 20:13:08 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/06/01 20:13:07 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/06/01 20:13:02 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/06/01 20:13:00 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/06/01 20:13:00 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/06/01 20:13:00 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/06/01 20:12:58 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/06/01 20:12:58 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/06/01 20:12:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/06/01 20:12:56 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/06/01 20:12:55 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/06/01 20:10:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/06/01 20:10:24 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Users\Sondra\Desktop\dxwebsetup.exe
[2011/06/01 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines
[2011/06/01 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/31 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/31 20:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire The Masquerade - Redemption
[2011/05/31 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Vampire The Masquerade - Redemption
[2011/05/29 14:42:28 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxoft Toolbox
[2011/05/21 07:26:24 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Local\Hewlett-Packard
[2011/05/21 07:20:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/21 07:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/05/21 07:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/05/21 07:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/05/21 07:18:21 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Roaming\hpqLog
[2011/05/21 07:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2011/05/21 07:16:30 | 000,000,000 | ---D | C] -- C:\swsetup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 21:01:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 21:01:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 20:52:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 20:52:38 | 754,126,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 19:09:01 | 000,661,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/10 19:09:01 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/08 21:54:44 | 000,000,156 | ---- | M] () -- C:\Users\Sondra\defogger_reenable
[2011/06/08 17:28:42 | 000,000,134 | ---- | M] () -- C:\Users\Sondra\Desktop\Internet Explorer Troubleshooting.url
[2011/06/08 12:39:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/08 12:12:10 | 000,001,265 | ---- | M] () -- C:\Users\Sondra\Desktop\WindowsUpdate.BAT
[2011/06/01 20:10:26 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Users\Sondra\Desktop\dxwebsetup.exe
[2011/06/01 20:06:54 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2011/06/01 20:06:49 | 000,000,292 | ---- | M] () -- C:\Windows\vtmb.ini
[2011/06/01 13:24:50 | 000,001,169 | ---- | M] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Window.lnk
[2011/06/01 13:24:47 | 000,002,211 | ---- | M] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Archaic.lnk
[2011/06/01 13:24:47 | 000,001,147 | ---- | M] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Fullscreen.lnk
[2011/05/31 21:14:47 | 000,001,011 | ---- | M] () -- C:\Windows\vampire.ini
[2011/05/31 20:56:26 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Play Vampire The Masquerade - Redemption (CD 2 required).lnk
[2011/05/31 20:46:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/31 20:46:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/21 07:20:14 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/05/20 18:40:13 | 000,033,604 | ---- | M] () -- C:\Users\Sondra\Documents\evidence_crime_scene.rtf
[2011/05/20 18:39:37 | 001,182,086 | ---- | M] () -- C:\Users\Sondra\Documents\The_Reformer.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/08 21:54:15 | 000,000,156 | ---- | C] () -- C:\Users\Sondra\defogger_reenable
[2011/06/08 17:28:42 | 000,000,134 | ---- | C] () -- C:\Users\Sondra\Desktop\Internet Explorer Troubleshooting.url
[2011/06/08 12:39:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/08 12:34:52 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/08 12:33:38 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/08 12:12:10 | 000,001,265 | ---- | C] () -- C:\Users\Sondra\Desktop\WindowsUpdate.BAT
[2011/06/01 20:06:54 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2011/06/01 20:06:49 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/06/01 13:24:50 | 000,001,169 | ---- | C] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Window.lnk
[2011/06/01 13:24:47 | 000,002,211 | ---- | C] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Archaic.lnk
[2011/06/01 13:24:47 | 000,001,147 | ---- | C] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Fullscreen.lnk
[2011/05/31 20:56:26 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Play Vampire The Masquerade - Redemption (CD 2 required).lnk
[2011/05/31 20:46:11 | 000,001,011 | ---- | C] () -- C:\Windows\vampire.ini
[2011/05/31 20:46:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/31 20:46:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/21 07:20:14 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/05/20 18:40:13 | 000,033,604 | ---- | C] () -- C:\Users\Sondra\Documents\evidence_crime_scene.rtf
[2011/05/20 18:39:37 | 001,182,086 | ---- | C] () -- C:\Users\Sondra\Documents\The_Reformer.rtf
[2011/04/30 21:09:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/15 21:15:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,294,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,661,918 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,121,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >

And, lastly, here is the Extras.txt:

OTL Extras logfile created on: 6/17/2011 9:18:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Sondra\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.93 Mb Total Physical Memory | 269.05 Mb Available Physical Memory | 28.06% Memory free
1.94 Gb Paging File | 1.03 Gb Available in Paging File | 52.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.52 Gb Total Space | 68.67 Gb Free Space | 49.93% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.81 Gb Free Space | 15.69% Space Free | Partition Type: NTFS

Computer Name: SONDRA-MPC | User Name: Sondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-17941306-4185253609-2510887130-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339C3693-8554-4A25-A664-E0B74D2DFA04}" = Façade
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adolix Wallpaper Changer_is1" = Adolix Wallpaper Changer 2.2
"Baldur's Gate" = Baldur's Gate
"CDisplay_is1" = CDisplay 1.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"SBaGen_is1" = SBaGen 1.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"WebDesigner" = Microsoft Expression Web
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2011 8:43:50 AM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 820 Start
Time: 01cc123238be3cb0 Termination Time: 1732 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: f424ad11-7ef0-11e0-99ff-001e68443b4a

Error - 5/16/2011 12:18:37 AM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 810 Start
Time: 01cc132f927499cc Termination Time: 3323 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 888afea1-7f73-11e0-99ff-001e68443b4a

Error - 5/29/2011 3:36:14 PM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program HPSF.exe version 5.1.10.7 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 8d8 Start Time:
01cc1e36bf9a1050 Termination Time: 215 Application Path: C:\Program Files\Hewlett-Packard\HP
Support Framework\HPSF.exe Report Id: e0052d11-8a2a-11e0-ab99-001e68443b4a

Error - 6/1/2011 7:00:22 AM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 94c Start
Time: 01cc1cc807660080 Termination Time: 7222 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 4af79b49-8c3e-11e0-ab99-001e68443b4a

Error - 6/1/2011 7:46:06 PM | Computer Name = Sondra-MPC | Source = VSS | ID = 8194
Description =

Error - 6/1/2011 8:58:18 PM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f04 Start
Time: 01cc20b4dab55220 Termination Time: 557 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 632b9e75-8cb3-11e0-b291-001e68443b4a

Error - 6/6/2011 8:33:12 PM | Computer Name = Sondra-MPC | Source = VSS | ID = 8194
Description =

Error - 6/6/2011 8:50:56 PM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.3.0.116 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: cf0 Start Time:
01cc249bc4d1db00 Termination Time: 1406 Application Path: C:\Program Files\Skype\Phone\Skype.exe

Report
Id: 2bad84d1-90a0-11e0-a7d5-001e68443b4a

Error - 6/7/2011 7:44:29 PM | Computer Name = Sondra-MPC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.116, time stamp:
0x4ddea058 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaae Exception code: 0xe0fafafa Fault offset: 0x00009617 Faulting process id:
0xb58 Faulting application start time: 0x01cc256cb93cc120 Faulting application path:
C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 1595b6c0-9160-11e0-9754-001e68443b4a

Error - 6/10/2011 8:27:52 AM | Computer Name = Sondra-MPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cf4 Start
Time: 01cc2767920e30a0 Termination Time: 2137 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 00d3ff91-935d-11e0-9a8a-001e68443b4a

[ Hewlett-Packard Events ]
Error - 5/21/2011 7:27:16 AM | Computer Name = Sondra-MPC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051121072642.xml
File not created by asset agent

[ System Events ]
Error - 6/17/2011 8:57:28 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:33 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:36 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:40 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:45 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:49 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:54 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:57:59 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:58:03 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 6/17/2011 8:58:08 PM | Computer Name = Sondra-MPC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 18 June 2011 - 09:35 AM

Hi!

Your latest logs are showing me that your Harddrive has a bad block. This may be a sign of your Hard drive failing, and it may be wise for you to backup your data in the event that it should malfunction and stop working unexpectedly.

Follow the instructions in this link here: http://www.w7forums.com/use-chkdsk-check-disk-t448.html for running a chkdsk scan.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
DRV - File not found [Kernel | System | Running] -- -- (MpKsl536bd0f0)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{192eaf65-2423-11e0-b095-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{192eaf65-2423-11e0-b095-001e68443b4a}\Shell\AutoRun\command - "" = F:\AUTORUNVAMPIRE.EXE
O33 - MountPoints2\{2500bb0e-45fa-11e0-badc-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{2500bb0e-45fa-11e0-badc-001e68443b4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Please post the C:\ComboFix.txt for further review.

This post has been edited by SweetTech: 18 June 2011 - 09:35 AM

#5 Alaynora

New Member

Group: Members
Posts: 6
Joined: 08-June 11

Posted 18 June 2011 - 06:43 PM

Here's the first report after using OTL:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service MpKsl536bd0f0 stopped successfully!
Service MpKsl536bd0f0 deleted successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{192eaf65-2423-11e0-b095-001e68443b4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192eaf65-2423-11e0-b095-001e68443b4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{192eaf65-2423-11e0-b095-001e68443b4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192eaf65-2423-11e0-b095-001e68443b4a}\ not found.
File F:\AUTORUNVAMPIRE.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2500bb0e-45fa-11e0-badc-001e68443b4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2500bb0e-45fa-11e0-badc-001e68443b4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2500bb0e-45fa-11e0-badc-001e68443b4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2500bb0e-45fa-11e0-badc-001e68443b4a}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dae4ba1-7998-11e0-aba8-001e68443b4a}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec1d302-82e6-11e0-91ed-001e68443b4a}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sondra\Downloads\cmd.bat deleted successfully.
C:\Users\Sondra\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sondra
->Temp folder emptied: 47384 bytes
->Temporary Internet Files folder emptied: 32246906 bytes
->FireFox cache emptied: 103648369 bytes
->Flash cache emptied: 32681 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11937625 bytes
RecycleBin emptied: 3177263 bytes

Total Files Cleaned = 144.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Sondra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.24.1 log created on 06182011_190623

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And here's the second report from ComboFix:

ComboFix 11-06-17.04 - Sondra 06/18/2011 19:15:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.959.310 [GMT -4:00]
Running from: c:\users\Sondra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 23:38 . 2011-06-18 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-18 23:06 . 2011-06-18 23:06 -------- d-----w- C:\_OTL
2011-06-18 11:58 . 2011-06-18 11:58 -------- d-----w- c:\users\Sondra\AppData\Roaming\Process Hacker 2
2011-06-18 11:37 . 2011-06-18 11:37 -------- d-----w- c:\program files\Process Hacker 2
2011-06-18 01:15 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8724978-B0BE-4029-BF0A-163CD716280A}\mpengine.dll
2011-06-18 01:14 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-18 01:14 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-18 01:14 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-18 01:14 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-18 01:14 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-18 01:14 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-18 01:14 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-18 01:14 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-18 01:13 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-09 01:32 . 2011-06-09 01:32 -------- d-----w- C:\!KillBox
2011-06-08 16:39 . 2011-06-18 11:36 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-08 16:39 . 2011-06-08 16:39 -------- d-----w- c:\program files\Synaptics
2011-06-08 16:36 . 2011-06-08 16:36 -------- d-----w- c:\windows\en
2011-06-08 16:32 . 2011-06-08 16:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-08 16:30 . 2011-06-08 16:35 -------- d-----w- c:\program files\Windows Live
2011-06-08 16:28 . 2011-06-08 16:28 -------- d-----w- c:\users\Sondra\AppData\Local\Windows Live
2011-06-08 16:28 . 2011-06-08 16:28 -------- d-----w- c:\program files\Common Files\Windows Live
2011-06-08 10:56 . 2011-06-18 01:13 -------- d-----w- c:\windows\system32\catroot2
2011-06-07 23:58 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 00:41 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 00:33 . 2009-09-09 12:53 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2011-06-07 00:33 . 2009-06-25 20:25 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-06-07 00:33 . 2009-06-25 20:58 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-06-07 00:33 . 2009-06-25 20:10 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-06-07 00:33 . 2007-07-25 16:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-06-07 00:33 . 2004-09-04 07:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-06-02 01:45 . 2011-06-02 01:45 -------- d-----w- c:\users\Sondra\AppData\Local\ElevatedDiagnostics
2011-06-02 00:12 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-06-01 17:12 . 2011-06-01 17:12 -------- d-----w- c:\program files\Activision
2011-06-01 01:02 . 2011-06-01 17:11 -------- d-----w- c:\program files\Common Files\InstallShield
2011-06-01 00:47 . 2011-06-01 01:07 -------- d-----w- c:\program files\Vampire The Masquerade - Redemption
2011-05-21 11:26 . 2011-05-21 11:26 -------- d-----w- c:\users\Sondra\AppData\Local\Hewlett-Packard
2011-05-21 11:20 . 2011-06-07 00:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-05-21 11:19 . 2011-05-21 11:25 -------- d-----w- c:\programdata\Hewlett-Packard
2011-05-21 11:18 . 2011-05-21 11:19 -------- d-----w- c:\program files\Hewlett-Packard
2011-05-21 11:18 . 2011-05-21 11:28 -------- d-----w- c:\users\Sondra\AppData\Roaming\hpqLog
2011-05-21 11:17 . 2011-05-21 11:17 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-05-21 11:16 . 2011-06-07 00:32 -------- d-----w- C:\swsetup
2011-05-20 22:43 . 2011-01-16 19:55 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC9DC574-E059-45A4-A6C4-214391811E39}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 16:30 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-09 20:46 . 2011-01-19 23:37 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-09 19:15 . 2011-05-09 19:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl027509f4;MpKsl027509f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CC26A73-C8D7-4E96-9C98-8F670BD7F435}\MpKsl027509f4.sys [x]
R1 MpKsl167786e6;MpKsl167786e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8ACD762D-9FE7-4F0E-B656-DCBD7EE35882}\MpKsl167786e6.sys [x]
R1 MpKsl1b10a2f4;MpKsl1b10a2f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F994AF18-A7AA-48B8-A203-03D6CE9E2082}\MpKsl1b10a2f4.sys [x]
R1 MpKsl1fd267d4;MpKsl1fd267d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A41B22D6-B7DA-4536-A134-FCA444705B8E}\MpKsl1fd267d4.sys [x]
R1 MpKsl262b9361;MpKsl262b9361;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AD14993-5A4E-490E-BCDF-330C518B7C30}\MpKsl262b9361.sys [x]
R1 MpKsl272efdcc;MpKsl272efdcc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CC26A73-C8D7-4E96-9C98-8F670BD7F435}\MpKsl272efdcc.sys [x]
R1 MpKsl2b148c89;MpKsl2b148c89;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F2E662C-F8FE-44C0-AC5A-14D5B11D052B}\MpKsl2b148c89.sys [x]
R1 MpKsl33f579fe;MpKsl33f579fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4E2EBAC-0022-421D-AECE-851028A11E8F}\MpKsl33f579fe.sys [x]
R1 MpKsl35093f26;MpKsl35093f26;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40F5F55-175C-4E04-93D1-1BDFD1D77ED0}\MpKsl35093f26.sys [x]
R1 MpKsl3f9409d1;MpKsl3f9409d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B798CD3A-B774-4ADB-BE74-33A31D360BBD}\MpKsl3f9409d1.sys [x]
R1 MpKsl4358ac55;MpKsl4358ac55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD9DAB74-8346-4998-90D1-F034B785428F}\MpKsl4358ac55.sys [x]
R1 MpKsl4dcef7ca;MpKsl4dcef7ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B798CD3A-B774-4ADB-BE74-33A31D360BBD}\MpKsl4dcef7ca.sys [x]
R1 MpKsl560ca1be;MpKsl560ca1be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB7AAC7F-1E0B-4AFA-9E9E-6FC5BCF53D62}\MpKsl560ca1be.sys [x]
R1 MpKsl5b94a5ed;MpKsl5b94a5ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AD14993-5A4E-490E-BCDF-330C518B7C30}\MpKsl5b94a5ed.sys [x]
R1 MpKsl7349846b;MpKsl7349846b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47D13895-B402-4254-B467-6C7657D9D80C}\MpKsl7349846b.sys [x]
R1 MpKsl77ea7a33;MpKsl77ea7a33;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F2E662C-F8FE-44C0-AC5A-14D5B11D052B}\MpKsl77ea7a33.sys [x]
R1 MpKsl7a50cacb;MpKsl7a50cacb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CC26A73-C8D7-4E96-9C98-8F670BD7F435}\MpKsl7a50cacb.sys [x]
R1 MpKsl805e36a1;MpKsl805e36a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6710AD1D-8BFB-4A95-A32E-6CFEA11A61B9}\MpKsl805e36a1.sys [x]
R1 MpKsl81891aff;MpKsl81891aff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A41B22D6-B7DA-4536-A134-FCA444705B8E}\MpKsl81891aff.sys [x]
R1 MpKsl81a6cf58;MpKsl81a6cf58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B798CD3A-B774-4ADB-BE74-33A31D360BBD}\MpKsl81a6cf58.sys [x]
R1 MpKsl914eca71;MpKsl914eca71;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AD14993-5A4E-490E-BCDF-330C518B7C30}\MpKsl914eca71.sys [x]
R1 MpKsl9bc61c20;MpKsl9bc61c20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC6A407-43FD-4FC4-8330-B2552DEB0E1B}\MpKsl9bc61c20.sys [x]
R1 MpKsl9c153d73;MpKsl9c153d73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D325E46-A400-4408-9850-9E8A1A804323}\MpKsl9c153d73.sys [x]
R1 MpKsl9c23bb72;MpKsl9c23bb72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB7AAC7F-1E0B-4AFA-9E9E-6FC5BCF53D62}\MpKsl9c23bb72.sys [x]
R1 MpKsl9d565af5;MpKsl9d565af5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD9DAB74-8346-4998-90D1-F034B785428F}\MpKsl9d565af5.sys [x]
R1 MpKsl9f7f2877;MpKsl9f7f2877;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64BF837C-360E-4C9A-8660-00C497C847F3}\MpKsl9f7f2877.sys [x]
R1 MpKsla87ac2d3;MpKsla87ac2d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E595CBF-B396-483F-A0FC-788A30923EA8}\MpKsla87ac2d3.sys [x]
R1 MpKslad002e6a;MpKslad002e6a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB7AAC7F-1E0B-4AFA-9E9E-6FC5BCF53D62}\MpKslad002e6a.sys [x]
R1 MpKslb10bdfd8;MpKslb10bdfd8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC6A407-43FD-4FC4-8330-B2552DEB0E1B}\MpKslb10bdfd8.sys [x]
R1 MpKslbedd5024;MpKslbedd5024;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{595FCD80-DF71-4453-9276-D2DADA112FB2}\MpKslbedd5024.sys [x]
R1 MpKslbf04fed5;MpKslbf04fed5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{595FCD80-DF71-4453-9276-D2DADA112FB2}\MpKslbf04fed5.sys [x]
R1 MpKslc7cbaf9a;MpKslc7cbaf9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AD14993-5A4E-490E-BCDF-330C518B7C30}\MpKslc7cbaf9a.sys [x]
R1 MpKslddf3fae4;MpKslddf3fae4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC6A407-43FD-4FC4-8330-B2552DEB0E1B}\MpKslddf3fae4.sys [x]
R1 MpKsle85b587e;MpKsle85b587e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEB1E7CA-2B1B-4B71-9D01-40143C2D0A8F}\MpKsle85b587e.sys [x]
R1 MpKslf0ccbfb2;MpKslf0ccbfb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D658DE5C-67B7-4DA4-AB38-5192BC52D159}\MpKslf0ccbfb2.sys [x]
R1 MpKslf18edaa1;MpKslf18edaa1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26601A48-4EFA-45C8-A01C-B11D73F47EA4}\MpKslf18edaa1.sys [x]
R1 MpKslf521a69f;MpKslf521a69f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8724978-B0BE-4029-BF0A-163CD716280A}\MpKslf521a69f.sys [x]
R1 MpKslf73eddc7;MpKslf73eddc7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{595FCD80-DF71-4453-9276-D2DADA112FB2}\MpKslf73eddc7.sys [x]
R1 MpKslfeb9f164;MpKslfeb9f164;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC6A407-43FD-4FC4-8330-B2552DEB0E1B}\MpKslfeb9f164.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-16 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-20 218176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
.
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-18 19:40:59
ComboFix-quarantined-files.txt 2011-06-18 23:40
.
Pre-Run: 71,070,048,256 bytes free
Post-Run: 70,942,216,192 bytes free
.
- - End Of File - - 5F6C2292A1B199FE05B4F2B1F39827EE

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 18 June 2011 - 06:55 PM

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.

Download Link 1

Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#7 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 18 June 2011 - 06:55 PM

Hi!

Please be sure to let me know how things are running in your next reply.

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.

Download Link 1

Download Link 2

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

This post has been edited by SweetTech: 18 June 2011 - 06:56 PM

#8 Alaynora

New Member

Group: Members
Posts: 6
Joined: 08-June 11

Posted 19 June 2011 - 11:50 AM

First of all, I tried updating again, and things have appeared to install without a hitch. A couple of the updates that my computer had me install, however, kept trying to get me to install them over and over again, even though they installed successfully: Security Update for Windows 7 (KB2393802) and Security Update for Windows 7 (KB977165). But now another, apparently unrelated problem has popped up; my laptop is telling me that no audio output device is installed. If it is unrelated, I'll just make a topic in a different area of the forums.
Anyway, here's the Anti-Malware Report:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6892

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/18/2011 9:47:16 PM
mbam-log-2011-06-18 (21-47-16).txt

Scan type: Quick scan
Objects scanned: 152627
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The ESET online scanner detected no threats at all.

Lastly, the Security Check report:

Results of screen317's Security Check version 0.99.14
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Thanks for helping!

#9 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 19 June 2011 - 12:23 PM

Please try this:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#10 Alaynora

New Member

Group: Members
Posts: 6
Joined: 08-June 11

Posted 19 June 2011 - 06:05 PM

Here ya go:

2011/06/19 18:59:07.0717 1124 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/19 18:59:09.0729 1124 ================================================================================
2011/06/19 18:59:09.0729 1124 SystemInfo:
2011/06/19 18:59:09.0729 1124
2011/06/19 18:59:09.0729 1124 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/19 18:59:09.0729 1124 Product type: Workstation
2011/06/19 18:59:09.0729 1124 ComputerName: SONDRA-MPC
2011/06/19 18:59:09.0729 1124 UserName: Sondra
2011/06/19 18:59:09.0729 1124 Windows directory: C:\Windows
2011/06/19 18:59:09.0729 1124 System windows directory: C:\Windows
2011/06/19 18:59:09.0729 1124 Processor architecture: Intel x86
2011/06/19 18:59:09.0729 1124 Number of processors: 2
2011/06/19 18:59:09.0729 1124 Page size: 0x1000
2011/06/19 18:59:09.0729 1124 Boot type: Normal boot
2011/06/19 18:59:09.0729 1124 ================================================================================
2011/06/19 18:59:14.0035 1124 Initialize success
2011/06/19 19:01:03.0531 3348 ================================================================================
2011/06/19 19:01:03.0531 3348 Scan started
2011/06/19 19:01:03.0531 3348 Mode: Manual;
2011/06/19 19:01:03.0531 3348 ================================================================================
2011/06/19 19:01:05.0528 3348 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/19 19:01:05.0684 3348 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/19 19:01:05.0777 3348 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/19 19:01:05.0887 3348 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/19 19:01:06.0152 3348 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/19 19:01:06.0277 3348 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/19 19:01:06.0885 3348 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/06/19 19:01:07.0025 3348 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/19 19:01:07.0135 3348 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/19 19:01:07.0259 3348 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/19 19:01:07.0384 3348 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/19 19:01:07.0509 3348 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/19 19:01:07.0681 3348 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/19 19:01:07.0743 3348 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/19 19:01:07.0837 3348 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/19 19:01:07.0930 3348 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/19 19:01:08.0008 3348 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/19 19:01:08.0117 3348 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/19 19:01:08.0320 3348 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/19 19:01:08.0383 3348 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/19 19:01:08.0539 3348 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/19 19:01:08.0617 3348 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/19 19:01:08.0866 3348 athr (614a60aee03a6151fdcbac295854a9cb) C:\Windows\system32\DRIVERS\athr.sys
2011/06/19 19:01:09.0209 3348 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/19 19:01:09.0584 3348 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/19 19:01:09.0974 3348 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/19 19:01:10.0348 3348 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/19 19:01:10.0582 3348 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/19 19:01:10.0832 3348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/19 19:01:11.0113 3348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/19 19:01:11.0770 3348 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/19 19:01:12.0172 3348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/19 19:01:12.0490 3348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/19 19:01:13.0106 3348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/19 19:01:13.0254 3348 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/19 19:01:13.0824 3348 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/19 19:01:14.0048 3348 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/19 19:01:14.0356 3348 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/19 19:01:14.0548 3348 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/19 19:01:14.0964 3348 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/19 19:01:15.0130 3348 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/19 19:01:15.0424 3348 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/19 19:01:15.0697 3348 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/19 19:01:15.0867 3348 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/19 19:01:16.0283 3348 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/19 19:01:16.0577 3348 dc3d (b6672f62f75fb952d7ae7cb4e80011a9) C:\Windows\system32\DRIVERS\dc3d.sys
2011/06/19 19:01:17.0142 3348 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/06/19 19:01:17.0352 3348 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/19 19:01:17.0647 3348 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/19 19:01:17.0968 3348 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/19 19:01:18.0374 3348 dtsoftbus01 (b672b993207dd5e2f73fcda8c0427b0f) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/19 19:01:18.0725 3348 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/19 19:01:19.0783 3348 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/19 19:01:20.0646 3348 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/19 19:01:21.0269 3348 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/19 19:01:21.0657 3348 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/19 19:01:21.0894 3348 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/19 19:01:22.0350 3348 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/19 19:01:22.0629 3348 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/19 19:01:22.0866 3348 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/19 19:01:23.0205 3348 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/19 19:01:23.0461 3348 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/19 19:01:23.0848 3348 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/19 19:01:24.0226 3348 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/19 19:01:24.0639 3348 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/19 19:01:25.0039 3348 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/19 19:01:25.0409 3348 HBtnKey (c172f0d0329e46513b09e1fc60a27b9d) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/06/19 19:01:25.0673 3348 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/19 19:01:26.0279 3348 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/19 19:01:27.0339 3348 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/19 19:01:27.0958 3348 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/19 19:01:28.0703 3348 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/19 19:01:29.0022 3348 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/19 19:01:29.0423 3348 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/19 19:01:29.0911 3348 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/19 19:01:30.0477 3348 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/19 19:01:30.0780 3348 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/19 19:01:30.0969 3348 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/19 19:01:31.0198 3348 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/19 19:01:31.0566 3348 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/19 19:01:31.0923 3348 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/19 19:01:32.0512 3348 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/19 19:01:32.0700 3348 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/19 19:01:32.0990 3348 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/19 19:01:33.0230 3348 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/19 19:01:33.0585 3348 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/19 19:01:34.0430 3348 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/19 19:01:35.0129 3348 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/19 19:01:35.0710 3348 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/19 19:01:36.0253 3348 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/19 19:01:36.0661 3348 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/19 19:01:37.0000 3348 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/19 19:01:37.0406 3348 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/19 19:01:37.0733 3348 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/19 19:01:38.0125 3348 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/19 19:01:38.0875 3348 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/19 19:01:39.0037 3348 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/19 19:01:39.0582 3348 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/19 19:01:40.0396 3348 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/19 19:01:40.0872 3348 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/19 19:01:41.0533 3348 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/19 19:01:42.0366 3348 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/19 19:01:43.0033 3348 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/19 19:01:43.0223 3348 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/19 19:01:43.0482 3348 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/19 19:01:43.0567 3348 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/19 19:01:43.0672 3348 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/19 19:01:43.0753 3348 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/19 19:01:51.0196 3348 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/19 19:01:51.0313 3348 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/19 19:01:51.0477 3348 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/19 19:01:51.0579 3348 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/19 19:01:51.0669 3348 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/19 19:01:51.0812 3348 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/19 19:01:52.0131 3348 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/19 19:01:52.0228 3348 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/19 19:01:52.0332 3348 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/19 19:01:52.0371 3348 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/19 19:01:52.0453 3348 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/19 19:01:52.0601 3348 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/19 19:01:53.0078 3348 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/19 19:01:53.0359 3348 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/19 19:01:53.0574 3348 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/19 19:01:53.0725 3348 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/19 19:01:53.0803 3348 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/19 19:01:53.0881 3348 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/19 19:01:54.0216 3348 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/19 19:01:54.0585 3348 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/19 19:01:54.0801 3348 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/19 19:01:54.0996 3348 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/19 19:01:55.0484 3348 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/19 19:01:55.0663 3348 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/19 19:01:55.0739 3348 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/19 19:01:55.0852 3348 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/19 19:01:55.0963 3348 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/19 19:01:56.0345 3348 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/19 19:01:56.0701 3348 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/19 19:01:56.0783 3348 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/19 19:01:56.0920 3348 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/19 19:01:57.0103 3348 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/19 19:01:57.0386 3348 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/06/19 19:01:57.0614 3348 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/06/19 19:01:57.0703 3348 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/19 19:01:57.0867 3348 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/06/19 19:01:58.0783 3348 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/19 19:01:59.0211 3348 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/19 19:01:59.0328 3348 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/19 19:01:59.0446 3348 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/19 19:01:59.0543 3348 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/19 19:01:59.0770 3348 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/19 19:01:59.0849 3348 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/19 19:02:00.0019 3348 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/19 19:02:00.0139 3348 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/19 19:02:00.0180 3348 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/19 19:02:00.0245 3348 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/19 19:02:00.0296 3348 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/19 19:02:00.0358 3348 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/19 19:02:00.0546 3348 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2011/06/19 19:02:00.0751 3348 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/19 19:02:00.0867 3348 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/19 19:02:01.0039 3348 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/19 19:02:01.0293 3348 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/19 19:02:01.0576 3348 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/19 19:02:01.0830 3348 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/19 19:02:01.0876 3348 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/19 19:02:01.0917 3348 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/19 19:02:02.0039 3348 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/19 19:02:02.0312 3348 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/19 19:02:02.0425 3348 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/19 19:02:02.0650 3348 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/19 19:02:02.0738 3348 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/19 19:02:02.0814 3348 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/19 19:02:02.0889 3348 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/19 19:02:02.0935 3348 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/19 19:02:02.0974 3348 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/19 19:02:03.0033 3348 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/19 19:02:03.0119 3348 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/19 19:02:03.0171 3348 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/19 19:02:03.0223 3348 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/19 19:02:03.0382 3348 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/19 19:02:03.0429 3348 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/19 19:02:03.0474 3348 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/19 19:02:03.0583 3348 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/19 19:02:03.0657 3348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/19 19:02:03.0753 3348 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/19 19:02:03.0800 3348 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/19 19:02:03.0856 3348 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/19 19:02:03.0945 3348 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/19 19:02:03.0978 3348 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/19 19:02:04.0036 3348 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/19 19:02:04.0378 3348 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/19 19:02:05.0158 3348 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/19 19:02:05.0506 3348 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/19 19:02:05.0668 3348 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/19 19:02:06.0300 3348 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/19 19:02:07.0426 3348 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/19 19:02:07.0623 3348 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/06/19 19:02:07.0723 3348 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/19 19:02:07.0822 3348 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/19 19:02:07.0960 3348 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/19 19:02:08.0594 3348 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/19 19:02:08.0760 3348 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/19 19:02:08.0903 3348 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/19 19:02:08.0976 3348 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/19 19:02:09.0085 3348 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/19 19:02:09.0617 3348 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/06/19 19:02:09.0851 3348 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/19 19:02:10.0004 3348 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/19 19:02:10.0371 3348 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/19 19:02:10.0425 3348 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/19 19:02:10.0465 3348 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/19 19:02:10.0498 3348 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/19 19:02:10.0705 3348 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/19 19:02:10.0766 3348 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/19 19:02:10.0816 3348 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/19 19:02:10.0875 3348 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/19 19:02:10.0951 3348 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/19 19:02:11.0007 3348 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/19 19:02:11.0055 3348 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/19 19:02:11.0125 3348 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/19 19:02:11.0179 3348 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/19 19:02:11.0213 3348 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/19 19:02:11.0335 3348 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/19 19:02:11.0414 3348 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/19 19:02:11.0515 3348 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/19 19:02:11.0575 3348 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/19 19:02:11.0786 3348 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/19 19:02:11.0936 3348 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/19 19:02:12.0182 3348 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/19 19:02:12.0289 3348 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/19 19:02:12.0394 3348 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/19 19:02:12.0835 3348 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/19 19:02:12.0916 3348 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/19 19:02:12.0985 3348 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/19 19:02:13.0072 3348 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/19 19:02:13.0176 3348 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/19 19:02:13.0262 3348 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/19 19:02:13.0405 3348 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/19 19:02:13.0449 3348 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/19 19:02:13.0518 3348 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/19 19:02:13.0605 3348 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/19 19:02:13.0675 3348 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/19 19:02:13.0720 3348 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/19 19:02:13.0938 3348 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/19 19:02:14.0154 3348 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/19 19:02:14.0577 3348 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/19 19:02:14.0636 3348 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/19 19:02:15.0143 3348 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/19 19:02:15.0408 3348 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/19 19:02:15.0657 3348 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/19 19:02:15.0989 3348 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/19 19:02:16.0486 3348 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/19 19:02:16.0648 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/19 19:02:16.0682 3348 ================================================================================
2011/06/19 19:02:16.0682 3348 Scan finished
2011/06/19 19:02:16.0682 3348 ================================================================================
2011/06/19 19:02:16.0743 1284 Detected object count: 0
2011/06/19 19:02:16.0743 1284 Actual detected object count: 0

#11 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 19 June 2011 - 06:24 PM

Hi!

When did you start noticing this window about Audio devices being missing?

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Files
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 21 June 2011 - 01:43 PM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Thanks,
SweetTech.

#13 Alaynora

New Member

Group: Members
Posts: 6
Joined: 08-June 11

Posted 21 June 2011 - 06:19 PM

I'm not really sure when the audio device stopped working. I normally keep my laptop on mute anyway, I only noticed the problem recently because I was attempting to watch something and my laptop alerted me that no audio device was installed. I haven't been experiencing any really bad errors (other than the audio one), but my computer still keeps trying to install those two security updates over and over again. Sorry about not replying in a while, got distracted.

First report:

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sondra\Desktop\cmd.bat deleted successfully.
C:\Users\Sondra\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sondra
->Temp folder emptied: 294912 bytes
->Temporary Internet Files folder emptied: 1122827 bytes
->FireFox cache emptied: 53848314 bytes
->Flash cache emptied: 675 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Sondra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.24.1 log created on 06192011_220631

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Second report:

OTL logfile created on: 6/21/2011 7:02:02 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Sondra\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.93 Mb Total Physical Memory | 475.73 Mb Available Physical Memory | 49.61% Memory free
1.94 Gb Paging File | 1.08 Gb Available in Paging File | 55.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.52 Gb Total Space | 63.77 Gb Free Space | 46.37% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.81 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 0.55 Gb Free Space | 14.63% Space Free | Partition Type: FAT32

Computer Name: SONDRA-MPC | User Name: Sondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 21:17:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sondra\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/09 15:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/14 15:19:06 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 21:17:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sondra\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/16 16:56:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/19 20:35:36 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/01 18:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/10/09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 29 7D 7B F7 1F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 15:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 15:15:42 | 000,000,000 | ---D | M]

[2011/01/16 15:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Extensions
[2011/05/10 15:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\extensions
[2011/02/17 16:55:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/10 15:14:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sondra\AppData\Roaming\Mozilla\Firefox\Profiles\iuvw83ox.default\extensions\engine@conduit.com
[2011/04/30 21:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/06 18:48:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/05/09 15:15:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 15:15:36 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/18 19:06:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 21:57:28 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Sondra\Desktop\OTL.exe
[2011/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/18 22:02:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Sondra\Desktop\esetsmartinstaller_enu.exe
[2011/06/18 21:40:12 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Roaming\Malwarebytes
[2011/06/18 21:39:58 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/18 21:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/18 21:39:53 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/18 21:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 21:39:07 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sondra\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 19:41:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/18 19:40:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/18 19:13:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/18 19:13:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/18 19:13:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/18 19:13:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/18 19:13:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 19:12:52 | 004,130,419 | R--- | C] (Swearware) -- C:\Users\Sondra\Desktop\ComboFix.exe
[2011/06/18 19:06:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/18 07:58:06 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Roaming\Process Hacker 2
[2011/06/18 07:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2011/06/18 07:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sondra\Desktop\TDSSKiller.exe
[2011/06/08 21:32:34 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/06/08 12:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/08 12:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/08 12:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/06/08 12:36:44 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/08 12:35:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/06/08 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/08 12:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/08 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Local\Windows Live
[2011/06/08 12:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/06/08 07:10:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/08 06:56:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/06/06 20:33:46 | 000,114,688 | ---- | C] (RICOH) -- C:\Windows\System32\RicohMediadriverVer.dll
[2011/06/06 20:33:43 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2011/06/06 20:33:40 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/06/06 20:33:40 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2011/06/06 20:33:39 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2011/06/01 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Local\ElevatedDiagnostics
[2011/06/01 20:10:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/06/01 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines
[2011/06/01 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/31 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/31 20:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire The Masquerade - Redemption
[2011/05/31 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Vampire The Masquerade - Redemption
[2011/05/29 14:42:28 | 000,000,000 | ---D | C] -- C:\Users\Sondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxoft Toolbox

========== Files - Modified Within 30 Days ==========

[2011/06/21 18:08:07 | 000,661,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 18:08:07 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/21 17:25:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 15:06:53 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 15:06:53 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 14:59:26 | 754,126,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 18:57:06 | 001,309,375 | ---- | M] () -- C:\Users\Sondra\Desktop\tdsskiller.zip
[2011/06/19 12:16:31 | 000,879,123 | ---- | M] () -- C:\Users\Sondra\Desktop\SecurityCheck.exe
[2011/06/18 22:01:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Sondra\Desktop\esetsmartinstaller_enu.exe
[2011/06/18 21:39:58 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 21:38:15 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sondra\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 19:11:54 | 004,130,419 | R--- | M] (Swearware) -- C:\Users\Sondra\Desktop\ComboFix.exe
[2011/06/18 19:06:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/18 12:24:58 | 000,294,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/18 07:37:31 | 000,001,978 | ---- | M] () -- C:\Users\Sondra\Desktop\Process Hacker 2.lnk
[2011/06/17 21:17:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sondra\Desktop\OTL.exe
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sondra\Desktop\TDSSKiller.exe
[2011/06/08 21:54:44 | 000,000,156 | ---- | M] () -- C:\Users\Sondra\defogger_reenable
[2011/06/08 17:28:42 | 000,000,134 | ---- | M] () -- C:\Users\Sondra\Desktop\Internet Explorer Troubleshooting.url
[2011/06/08 12:39:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/08 12:12:10 | 000,001,265 | ---- | M] () -- C:\Users\Sondra\Desktop\WindowsUpdate.BAT
[2011/06/01 20:06:54 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2011/06/01 20:06:49 | 000,000,292 | ---- | M] () -- C:\Windows\vtmb.ini
[2011/06/01 13:24:50 | 000,001,169 | ---- | M] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Window.lnk
[2011/06/01 13:24:47 | 000,002,211 | ---- | M] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Archaic.lnk
[2011/06/01 13:24:47 | 000,001,147 | ---- | M] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Fullscreen.lnk
[2011/05/31 21:14:47 | 000,001,011 | ---- | M] () -- C:\Windows\vampire.ini
[2011/05/31 20:56:26 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Play Vampire The Masquerade - Redemption (CD 2 required).lnk
[2011/05/31 20:46:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/31 20:46:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/19 18:57:55 | 001,309,375 | ---- | C] () -- C:\Users\Sondra\Desktop\tdsskiller.zip
[2011/06/19 12:17:01 | 000,879,123 | ---- | C] () -- C:\Users\Sondra\Desktop\SecurityCheck.exe
[2011/06/18 21:39:58 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 19:13:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/18 19:13:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/18 19:13:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/18 19:13:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/18 19:13:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/18 07:37:31 | 000,001,978 | ---- | C] () -- C:\Users\Sondra\Desktop\Process Hacker 2.lnk
[2011/06/08 21:54:15 | 000,000,156 | ---- | C] () -- C:\Users\Sondra\defogger_reenable
[2011/06/08 17:28:42 | 000,000,134 | ---- | C] () -- C:\Users\Sondra\Desktop\Internet Explorer Troubleshooting.url
[2011/06/08 12:39:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/08 12:34:52 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/08 12:33:38 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/08 12:12:10 | 000,001,265 | ---- | C] () -- C:\Users\Sondra\Desktop\WindowsUpdate.BAT
[2011/06/01 20:06:54 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2011/06/01 20:06:49 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/06/01 13:24:50 | 000,001,169 | ---- | C] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Window.lnk
[2011/06/01 13:24:47 | 000,002,211 | ---- | C] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Archaic.lnk
[2011/06/01 13:24:47 | 000,001,147 | ---- | C] () -- C:\Users\Sondra\Desktop\Vampire - The Masquerade Bloodlines - Fullscreen.lnk
[2011/05/31 20:56:26 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Play Vampire The Masquerade - Redemption (CD 2 required).lnk
[2011/05/31 20:46:11 | 000,001,011 | ---- | C] () -- C:\Windows\vampire.ini
[2011/05/31 20:46:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/31 20:46:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/30 21:09:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/15 21:15:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,294,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,661,918 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,121,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/25 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Sondra\AppData\Roaming\DAEMON Tools Lite
[2011/06/18 07:58:06 | 000,000,000 | ---D | M] -- C:\Users\Sondra\AppData\Roaming\Process Hacker 2
[2011/06/18 10:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sondra\AppData\Roaming\uTorrent
[2011/06/02 19:27:27 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/09 15:15:37 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/09 15:15:37 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/09 15:15:37 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/09 15:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/09 15:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/09 15:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/12/18 01:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/12/18 01:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-21 16:39:52

< End of report >