System Check, PAwhgclyHsr and System Errors


  • This topic is locked
16 replies to this topic

#1 andrewsaputo


Posted 30 January 2012 - 02:18 PM

Forgot the detailed message of the problem. I was looking at a site that rates credit cards and my browser shut down, and my virus protection software said there was a trojan and removed it. Then my desktop icons disappeared, errors popped up called PAwhgcLyHsr and said that various system files were not working. Microsoft Windows wanted to scan the computer. I closed that box and my computer restarted. I tried to use the restore point and it worked for a while, but then the virus popped up and put a System Check icon on the desktop and ran that program. I did all the steps, but GMER didn't allow me to check the topmost boxes and said that another script was doing the same operation. Here is my stuff. When I open in safe mode, the start menu at the bottom is gone. Please help. I can barely do anything on the computer. I'm using my MacBook for this.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Andrew Saputo at 11:00:20 on 2012-01-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.1090 [GMT -8:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRun: [PAwhgCLyHSr.exe] c:\programdata\PAwhgCLyHSr.exe
mRunOnce: [GrpConv] grpconv -o
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{5F6E6535-4CF7-484F-884D-44FFA3CB735A} : DhcpNameServer = 68.87.69.146 68.87.85.98
TCP: Interfaces\{E27B521A-A228-42E5-9F71-9DF439C9A51E} : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{E27B521A-A228-42E5-9F71-9DF439C9A51E}\E4F4 : DhcpNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
IFEO: googleupdater.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: rtnicdiag.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: setup.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: shell.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrew saputo\appdata\roaming\mozilla\firefox\profiles\6gi2yah6.default\
FF - component: c:\users\andrew saputo\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\andrew saputo\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\andrew saputo\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\andrew saputo\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\andrew saputo\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-10-18 223864]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 SBAMSvc;VIPRE Internet Security;c:\program files\gfi software\vipre\SBAMSvc.exe [2011-11-1 3287472]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2011-11-1 173424]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3ABv.sys [2009-12-10 738304]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-10-18 94584]
R3 uwtdipod;uwtdipod;c:\users\andrew~1\appdata\local\temp\uwtdipod.sys [2012-1-30 100864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-31 352656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9cdf59eebed1d;Google Update Service (gupdate1c9cdf59eebed1d);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-25 89376]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-4-25 27648]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-5-24 14976]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-11-23 1483072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-26 112128]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-8 15872]
S3 rt70x86;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\drivers\netr70.sys [2009-2-26 299520]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2010-10-18 94584]
S3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2010-10-18 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-11-1 72312]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-13 1343400]
.
=============== Created Last 30 ================
.
2012-01-30 18:20:16 100864 ----a-w- C:\uwtdipod.sys
2012-01-30 18:14:17 347904 ----a-w- c:\programdata\tVUjyVOvjyBegl.exe
2012-01-29 22:43:07 440064 ---ha-w- c:\programdata\PAwhgCLyHSr.exe
2012-01-19 04:03:22 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 04:03:22 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 04:03:22 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-19 04:03:22 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-19 04:03:22 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 04:03:22 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 04:03:22 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 04:03:21 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 04:03:21 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 04:03:21 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-13 21:12:03 -------- d--h--w- c:\programdata\PDF Writer
2012-01-13 21:12:02 -------- d--h--w- c:\users\andrew saputo\appdata\roaming\PDF Writer
2012-01-13 21:12:02 -------- d--h--w- c:\users\andrew saputo\appdata\local\PDF Writer
2012-01-13 21:10:33 90624 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-01-13 21:09:19 227840 ---ha-w- c:\windows\system32\bzFlRdr.dll
2012-01-13 21:09:19 103424 ---ha-w- c:\windows\system32\bzDCT.dll
2012-01-13 21:09:19 -------- d--h--w- c:\program files\common files\Bullzip
2012-01-13 21:09:18 135168 ---ha-w- c:\windows\system32\bzpdfc.dll
2012-01-13 21:09:16 196608 ---ha-w- c:\windows\system32\bzpdf.dll
2012-01-13 21:09:11 -------- d--h--w- c:\program files\Bullzip
2012-01-11 11:09:12 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 11:09:11 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:09:08 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 11:09:07 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-03 13:10:44 182672 ---ha-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ---ha-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 23:38:55 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:06:18.24 ===============

Edited by andrewsaputo, 30 January 2012 - 03:00 PM.
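Reading the DDS log above the way a responder would, as an added example (this script is not part of the original post, and is neither the DDS tool's code nor its output): it walks an excerpt reproduced from the log and flags the things that stand out in this thread: the autorun entry pointing at a randomly named executable directly under ProgramData, the UAC and Task Manager policies forced to insecure values, a driver loading from the user's Temp folder, and executables created in those same staging locations within minutes of the incident, including the one carrying the hidden attribute. The Windows 7 default policy values, the notion of a "staging location" and the random-name heuristic are this example's own assumptions, not anything DDS itself reports.

```python
"""Triage a DDS log excerpt for the indicators visible in the post above.

Added example, not part of the original post and not code or output from the
DDS tool. Sample text is copied from the DDS log in the post; the policy
baseline is the Windows 7 default for each value; the "staging location" rule
and the random-name heuristic are this example's own assumptions.
"""
import re
from typing import Dict, List

# Sample input: lines taken verbatim from the DDS log posted above.
SAMPLE_DDS = r"""
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRun: [PAwhgCLyHSr.exe] c:\programdata\PAwhgCLyHSr.exe
mRunOnce: [GrpConv] grpconv -o
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-10-18 223864]
R3 uwtdipod;uwtdipod;c:\users\andrew~1\appdata\local\temp\uwtdipod.sys [2012-1-30 100864]
2012-01-30 18:20:16 100864 ----a-w- C:\uwtdipod.sys
2012-01-30 18:14:17 347904 ----a-w- c:\programdata\tVUjyVOvjyBegl.exe
2012-01-29 22:43:07 440064 ---ha-w- c:\programdata\PAwhgCLyHSr.exe
2012-01-19 04:03:22 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 21:09:19 227840 ---ha-w- c:\windows\system32\bzFlRdr.dll
"""

# Windows 7 defaults for the values DDS prints as "mPolicies-system"/"uPolicies-system"
# (HKLM/HKCU ...\Policies\System). DisableTaskMgr is normally absent, i.e. 0.
EXPECTED_POLICY = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # prompt for credentials
    "PromptOnSecureDesktop": 1,       # prompt on the secure desktop
    "EnableUIADesktopToggle": 0,
    "DisableTaskMgr": 0,
}

RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[([^\]]+)\] (.*)$")
POLICY_RE = re.compile(r"^[um]Policies-\w+: (\w+) = (-?\d+)")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\S+\s+(\S{8})\s+(.+)$")


def is_staging_location(path: str) -> bool:
    """Places droppers write to and legitimate software does not run from:
    the drive root, the ProgramData root (no vendor subfolder), any Temp folder."""
    p = path.lower().replace("/", "\\")
    return bool(re.match(r"^[a-z]:\\[^\\]+$", p)
                or re.match(r"^[a-z]:\\programdata\\[^\\]+$", p)
                or "\\temp\\" in p)


def looks_random(filename: str) -> bool:
    """Heuristic for generated names such as PAwhgCLyHSr or tVUjyVOvjyBegl: an
    all-letter stem whose case flips at least four times and that is vowel-poor.
    CamelCase product names (TuneUpUtilitiesService) fail the vowel test."""
    stem = filename.rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 8:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    vowel_ratio = sum(c in "aeiouy" for c in stem.lower()) / len(stem)
    return flips >= 4 and vowel_ratio <= 0.4


def _target_of(cmd: str) -> str:
    """Pull the executable path out of an autorun command line (quoted or not)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|sys|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(dds_text: str) -> List[Dict[str, str]]:
    """Return one finding per autorun, policy, driver or new file worth a look."""
    findings: List[Dict[str, str]] = []
    for line in (raw.strip() for raw in dds_text.splitlines()):
        if m := RUN_RE.match(line):
            target = _target_of(m.group(2))
            reasons = []
            if is_staging_location(target):
                reasons.append("autorun target in a staging location")
            if looks_random(target.rsplit("\\", 1)[-1]):
                reasons.append("random-looking file name (heuristic)")
            if reasons:
                findings.append({"kind": "autorun", "item": target, "reason": "; ".join(reasons)})
        elif m := POLICY_RE.match(line):
            key, value = m.group(1), int(m.group(2))
            if key in EXPECTED_POLICY and EXPECTED_POLICY[key] != value:
                findings.append({"kind": "policy", "item": key,
                                 "reason": f"set to {value}, Windows 7 default is {EXPECTED_POLICY[key]}"})
        elif m := SERVICE_RE.match(line):
            svc, _display, image = m.groups()
            if is_staging_location(image):
                findings.append({"kind": "driver", "item": f"{svc} ({image})",
                                 "reason": "service/driver image in a staging location"})
        elif m := CREATED_RE.match(line):
            when, attrs, path = m.groups()
            if path.lower().endswith((".exe", ".sys", ".dll")) and is_staging_location(path):
                reason = f"executable created {when} in a staging location"
                if attrs[3] == "h":  # DDS attribute column: 'h' in position 4 means hidden
                    reason += ", hidden attribute set"
                findings.append({"kind": "created", "item": path, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['kind']:7}] {f['item']}: {f['reason']}")
```

Run it as-is to print the findings for the embedded excerpt, or pass the full text of a DDS log to triage(). A hit is a lead for the helper's next step, not proof of infection on its own; the hidden Bullzip DLL under system32 is deliberately left in the sample and is not flagged, because the location rule does not fire there.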


#2 SweetTech

Posted 31 January 2012 - 02:45 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up to date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.



#3 andrewsaputo


Posted 02 February 2012 - 01:40 PM

Hello and thanks for your help. Note: I ran a few programs the other day suggested on the "How to remove system check" forum. I ran TDSSKiller, Malwarebytes and one other.

Here is the TDSSKiller Log.

10:30:21.0502 3160 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
10:30:22.0008 3160 ============================================================
10:30:22.0008 3160 Current date / time: 2012/02/02 10:30:22.0008
10:30:22.0008 3160 SystemInfo:
10:30:22.0008 3160
10:30:22.0009 3160 OS Version: 6.1.7601 ServicePack: 1.0
10:30:22.0009 3160 Product type: Workstation
10:30:22.0009 3160 ComputerName: HURLEY
10:30:22.0009 3160 UserName: Andrew Saputo
10:30:22.0009 3160 Windows directory: C:\Windows
10:30:22.0009 3160 System windows directory: C:\Windows
10:30:22.0009 3160 Processor architecture: Intel x86
10:30:22.0009 3160 Number of processors: 2
10:30:22.0009 3160 Page size: 0x1000
10:30:22.0009 3160 Boot type: Normal boot
10:30:22.0009 3160 ============================================================
10:30:23.0301 3160 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:30:23.0306 3160 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:30:23.0388 3160 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:30:23.0401 3160 Drive \Device\Harddisk4\DR4 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:30:23.0449 3160 Drive \Device\Harddisk6\DR6 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:30:23.0935 3160 \Device\Harddisk0\DR0:
10:30:23.0935 3160 MBR used
10:30:23.0935 3160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
10:30:23.0935 3160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
10:30:23.0935 3160 \Device\Harddisk1\DR1:
10:30:23.0936 3160 MBR used
10:30:23.0936 3160 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
10:30:23.0936 3160 \Device\Harddisk2\DR2:
10:30:23.0936 3160 MBR used
10:30:23.0937 3160 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
10:30:23.0937 3160 \Device\Harddisk4\DR4:
10:30:23.0937 3160 MBR used
10:30:23.0937 3160 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
10:30:23.0937 3160 \Device\Harddisk6\DR6:
10:30:23.0938 3160 MBR used
10:30:23.0938 3160 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
10:30:24.0206 3160 Initialize success
10:30:24.0206 3160 ============================================================
10:30:45.0866 0808 ============================================================
10:30:45.0866 0808 Scan started
10:30:45.0866 0808 Mode: Manual; SigCheck; TDLFS;
10:30:45.0866 0808 ============================================================
10:30:57.0934 0808 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:30:58.0798 0808 1394ohci - ok
10:30:58.0955 0808 A3AB (ee5c0ec358b2ce7b73fb154f8b1dbebe) C:\Windows\system32\DRIVERS\A3ABv.sys
10:30:59.0099 0808 A3AB - ok
10:30:59.0186 0808 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:30:59.0244 0808 ACPI - ok
10:30:59.0303 0808 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:30:59.0451 0808 AcpiPmi - ok
10:30:59.0543 0808 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:30:59.0573 0808 adp94xx - ok
10:30:59.0632 0808 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:30:59.0659 0808 adpahci - ok
10:30:59.0751 0808 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:30:59.0773 0808 adpu320 - ok
10:30:59.0861 0808 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:30:59.0982 0808 AFD - ok
10:31:00.0062 0808 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:31:00.0080 0808 agp440 - ok
10:31:00.0126 0808 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:31:00.0145 0808 aic78xx - ok
10:31:00.0217 0808 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:31:00.0253 0808 aliide - ok
10:31:00.0311 0808 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:31:00.0329 0808 amdagp - ok
10:31:00.0377 0808 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:31:00.0412 0808 amdide - ok
10:31:00.0479 0808 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:31:00.0600 0808 AmdK8 - ok
10:31:00.0669 0808 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:31:00.0747 0808 AmdPPM - ok
10:31:00.0850 0808 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:31:00.0869 0808 amdsata - ok
10:31:00.0909 0808 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:31:00.0930 0808 amdsbs - ok
10:31:00.0983 0808 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:31:01.0016 0808 amdxata - ok
10:31:01.0077 0808 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:31:01.0236 0808 AppID - ok
10:31:01.0343 0808 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:31:01.0362 0808 arc - ok
10:31:01.0371 0808 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:31:01.0412 0808 arcsas - ok
10:31:01.0436 0808 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:31:01.0607 0808 AsyncMac - ok
10:31:01.0677 0808 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:31:01.0712 0808 atapi - ok
10:31:01.0783 0808 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
10:31:01.0914 0808 athr - ok
10:31:02.0014 0808 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:31:02.0130 0808 b06bdrv - ok
10:31:02.0215 0808 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:31:02.0282 0808 b57nd60x - ok
10:31:02.0340 0808 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:31:02.0433 0808 Beep - ok
10:31:02.0535 0808 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:31:02.0586 0808 blbdrive - ok
10:31:02.0648 0808 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:31:02.0762 0808 bowser - ok
10:31:02.0858 0808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:31:02.0935 0808 BrFiltLo - ok
10:31:02.0982 0808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:31:03.0068 0808 BrFiltUp - ok
10:31:03.0170 0808 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:31:03.0250 0808 Bridge - ok
10:31:03.0254 0808 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:31:03.0288 0808 BridgeMP - ok
10:31:03.0332 0808 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:31:03.0430 0808 Brserid - ok
10:31:03.0515 0808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:31:03.0582 0808 BrSerWdm - ok
10:31:03.0610 0808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:31:03.0678 0808 BrUsbMdm - ok
10:31:03.0789 0808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:31:03.0852 0808 BrUsbSer - ok
10:31:03.0882 0808 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:31:03.0961 0808 BTHMODEM - ok
10:31:04.0097 0808 catchme - ok
10:31:04.0182 0808 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:31:04.0256 0808 cdfs - ok
10:31:04.0301 0808 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:31:04.0357 0808 cdrom - ok
10:31:35.0075 0808 ============================================================
10:31:35.0076 0808 Scan finished
10:31:35.0076 0808 ============================================================
10:31:35.0088 3720 Detected object count: 1
10:31:35.0088 3720 Actual detected object count: 1
10:31:50.0332 3720 SBKUPNT ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:50.0332 3720 SBKUPNT ( UnsignedFile.Multi.Generic ) - User select action: Skip


Here is the FSS log:

Farbar Service Scanner Version: 01-02-2012 03
Ran by Andrew Saputo (administrator) on 02-02-2012 at 10:34:18
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll
[2011-06-08 18:41] - [2010-11-20 04:18] - 0254464 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

I will post another reply when OTL is finished.

#4 andrewsaputo

Posted 02 February 2012 - 03:57 PM

I ran the OTL twice. Both times it became stuck on "Getting Drive Info". Nothing ever happened...

#5 SweetTech

Posted 03 February 2012 - 02:04 AM

Can you attempt to run OTL in Safe Mode and see if you have better luck running it there?

If not, please run a new scan with DDS and post the log file it produces in your next reply.



#6 andrewsaputo

Posted 03 February 2012 - 04:56 AM

Here is the OTL Log:

OTL logfile created on: 2/3/2012 1:45:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andrew Saputo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.62% Memory free
3.93 Gb Paging File | 3.30 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 25.68 Gb Free Space | 11.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.70 Gb Free Space | 46.99% Space Free | Partition Type: NTFS
Drive F: | 149.00 Gb Total Space | 12.82 Gb Free Space | 8.61% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 47.09 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 71.68 Gb Free Space | 10.26% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 845.46 Gb Free Space | 90.76% Space Free | Partition Type: NTFS
Drive K: | 74.53 Gb Total Space | 11.03 Gb Free Space | 14.80% Space Free | Partition Type: NTFS

Computer Name: HURLEY | User Name: Andrew Saputo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 10:34:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew Saputo\Desktop\OTL.exe
PRC - [2011/11/01 00:41:00 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/01 00:41:20 | 003,287,472 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/01 00:41:00 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/06/13 12:33:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/21 15:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/11/23 08:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/23 08:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/12/22 02:13:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/04 09:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2012/01/26 16:48:06 | 000,091,936 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/11/01 00:08:14 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (SbHips)
DRV - [2011/11/01 00:08:14 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/11/01 00:08:12 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/10/26 15:40:02 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 13:19:02 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 13:19:02 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/09/09 10:10:40 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/02/26 10:11:02 | 000,299,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2008/08/26 09:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 23:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 23:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/18 22:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/30 04:10:54 | 000,738,304 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A3ABv.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2001/07/13 12:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.26


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.6: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew Saputo\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew Saputo\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrew Saputo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 15:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 12:07:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Andrew Saputo\AppData\Roaming\IDM\idmmzcc5 [2012/01/31 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Andrew Saputo\AppData\Roaming\IDM\idmmzcc5 [2012/01/31 12:36:29 | 000,000,000 | ---D | M]

[2009/12/10 01:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Extensions
[2012/01/31 13:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\extensions
[2012/01/30 12:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/30 12:08:22 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2012/01/29 10:27:20 | 000,002,533 | ---- | M] () -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\searchplugins\diigo--google.xml
[2010/09/03 16:39:11 | 000,001,710 | ---- | M] () -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\searchplugins\goodsearch.xml
[2011/11/09 17:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 12:36:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ANDREW SAPUTO\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\ANDREW SAPUTO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6GI2YAH6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/02 15:59:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/30 18:08:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O3 - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3898212364-3955706882-1737509186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6E6535-4CF7-484F-884D-44FFA3CB735A}: DhcpNameServer = 68.87.69.146 68.87.85.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E27B521A-A228-42E5-9F71-9DF439C9A51E}: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Andrew Saputo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrew Saputo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/04 01:39:00 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 17:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/02/02 17:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/02/02 10:34:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew Saputo\Desktop\OTL.exe
[2012/02/02 10:29:46 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew Saputo\Desktop\tdsskiller.exe
[2012/01/31 10:56:43 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/01/30 18:13:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/30 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\AppData\Local\temp
[2012/01/30 17:48:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/30 17:48:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/30 17:48:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/30 17:48:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/30 17:48:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/30 17:48:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/30 12:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 12:36:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/30 12:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/30 12:29:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/26 05:42:01 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/01/18 20:03:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/18 20:03:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/13 13:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2012/01/13 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\AppData\Roaming\PDF Writer
[2012/01/13 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\AppData\Local\PDF Writer
[2012/01/13 13:09:19 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\System32\bzFlRdr.dll
[2012/01/13 13:09:19 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\System32\bzDCT.dll
[2012/01/13 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2012/01/13 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2012/01/13 13:09:18 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2012/01/13 13:09:16 | 000,196,608 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdf.dll
[2012/01/13 13:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/01/12 13:56:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\Desktop\Sublist Stuff & Transcripts
[2012/01/12 13:25:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\Desktop\Curbside & Phone Pics
[2012/01/11 03:09:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 03:09:08 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 03:09:07 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Andrew Saputo\Desktop\*.tmp files -> C:\Users\Andrew Saputo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 01:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 01:43:52 | 000,015,280 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 01:43:51 | 000,015,280 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 01:39:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 00:36:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 16:07:13 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/02 16:07:13 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 10:34:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew Saputo\Desktop\OTL.exe
[2012/02/02 10:33:07 | 000,335,515 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\FSS.exe
[2012/02/02 10:29:55 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew Saputo\Desktop\tdsskiller.exe
[2012/01/30 18:08:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/30 17:58:53 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2012/01/30 12:37:37 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 12:28:25 | 000,043,376 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\Oregon Ducks _ Online Ticket Office _ Thank You For Your Order.pdf
[2012/01/26 16:48:06 | 000,091,936 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/01/05 12:01:08 | 000,049,672 | ---- | M] () -- C:\Users\Andrew Saputo\Documents\andrew-paul-saputo_cd-game-exchange_3.pdf
[2012/01/05 12:01:00 | 000,049,679 | ---- | M] () -- C:\Users\Andrew Saputo\Documents\andrew-paul-saputo_cd-game-exchange_2.pdf
[2012/01/05 12:00:53 | 000,049,670 | ---- | M] () -- C:\Users\Andrew Saputo\Documents\andrew-paul-saputo_cd-game-exchange.pdf
[1 C:\Users\Andrew Saputo\Desktop\*.tmp files -> C:\Users\Andrew Saputo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 10:33:05 | 000,335,515 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\FSS.exe
[2012/01/30 17:58:53 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2012/01/30 17:48:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/30 17:48:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/30 17:48:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/30 17:48:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/30 17:48:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/30 12:37:22 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 12:28:25 | 000,043,376 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\Oregon Ducks _ Online Ticket Office _ Thank You For Your Order.pdf
[2012/01/05 12:01:07 | 000,049,672 | ---- | C] () -- C:\Users\Andrew Saputo\Documents\andrew-paul-saputo_cd-game-exchange_3.pdf
[2012/01/05 12:00:59 | 000,049,679 | ---- | C] () -- C:\Users\Andrew Saputo\Documents\andrew-paul-saputo_cd-game-exchange_2.pdf
[2012/01/05 12:00:52 | 000,049,670 | ---- | C] () -- C:\Users\Andrew Saputo\Documents\andrew-paul-saputo_cd-game-exchange.pdf
[2011/09/27 20:05:33 | 000,213,240 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/08 18:41:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/08 18:40:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/25 10:55:31 | 000,000,097 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\netstat.bat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/02/19 22:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/07 08:13:14 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/01 19:02:59 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/12/13 15:51:21 | 000,007,603 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Local\Resmon.ResmonCfg
[2009/12/13 12:21:09 | 000,029,696 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/10 02:11:38 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/23 13:38:44 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/11/23 13:38:44 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/11/23 13:38:44 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/11/23 13:38:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009/11/23 13:38:44 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2009/09/16 16:34:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 002,380,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/24 15:28:10 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2009/05/24 15:28:10 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2009/05/24 15:28:05 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2009/05/14 18:04:36 | 000,008,273 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\Comma Separated Values (Windows).JNL
[2009/05/14 17:59:08 | 000,038,266 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2009/05/14 17:58:25 | 000,012,958 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2009/04/26 00:16:11 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

< End of report >

Here is the Extras Log

OTL Extras logfile created on: 2/3/2012 1:45:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andrew Saputo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.62% Memory free
3.93 Gb Paging File | 3.30 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 25.68 Gb Free Space | 11.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.70 Gb Free Space | 46.99% Space Free | Partition Type: NTFS
Drive F: | 149.00 Gb Total Space | 12.82 Gb Free Space | 8.61% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 47.09 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 71.68 Gb Free Space | 10.26% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 845.46 Gb Free Space | 90.76% Space Free | Partition Type: NTFS
Drive K: | 74.53 Gb Total Space | 11.03 Gb Free Space | 14.80% Space Free | Partition Type: NTFS

Computer Name: HURLEY | User Name: Andrew Saputo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3898212364-3955706882-1737509186-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85CB7BCF-958D-4B9E-8373-AE4D2C9FB324}" = VIPRE Internet Security
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA2E0CF-64E8-3536-BA71-618A48D9AF55}" = Google Talk Plugin
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C8567-FBEE-4DB6-A2C6-23A2C50617F8}" = Verizon Wireless Software Utility Application for Android - Samsung
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.01 Free Edition
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ASIO4ALL" = ASIO4ALL
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DSMT6" = MathType 6
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Freemake Video Converter_is1" = Freemake Video Converter version 2.0.0
"Google Updater" = Google Updater
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.6
"Nike+ Connect" = Nike+ Connect
"PROPLUSR" = Microsoft Office Professional Plus 2007
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3898212364-3955706882-1737509186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2011 3:31:56 AM | Computer Name = Hurley | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\einstruction\device
manager\driverfiles\64bit\DPInst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/28/2011 3:31:57 AM | Computer Name = Hurley | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\einstruction\device
manager\driverfiles\Windows7\64bit\DPInst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/28/2011 1:47:01 PM | Computer Name = Hurley | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 5/28/2011 1:47:01 PM | Computer Name = Hurley | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 5/28/2011 2:16:57 PM | Computer Name = Hurley | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 6.0.220.4, time stamp:
0x4c908d11 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00311ce7 Faulting process id: 0xf38 Faulting application
start time: 0x01cc1d5f6f07d2f6 Faulting application path: C:\Program Files\Java\jre6\bin\java.exe
Faulting
module path: unknown Report Id: ac0fb562-8956-11e0-8191-bafccad8522f

Error - 5/30/2011 4:47:51 PM | Computer Name = Hurley | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 5/30/2011 4:47:52 PM | Computer Name = Hurley | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 5/30/2011 4:48:53 PM | Computer Name = Hurley | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2011 3:54:02 AM | Computer Name = Hurley | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\einstruction\device
manager\driverfiles\64bit\DPInst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/31/2011 3:54:03 AM | Computer Name = Hurley | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\einstruction\device
manager\driverfiles\Windows7\64bit\DPInst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 5/29/2009 10:49:50 PM | Computer Name = Hurley | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/29/2009 10:49:51 PM | Computer Name = Hurley | Source = McrMgr | ID = 109
Description =

Error - 10/7/2009 6:48:09 PM | Computer Name = Hurley | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ ODiag Events ]
Error - 1/6/2011 1:56:41 PM | Computer Name = Hurley | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 64sh. Error code: N/A

[ OSession Events ]
Error - 7/5/2010 6:44:38 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 89
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/27/2010 9:16:26 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 194
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/1/2010 9:23:17 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1864
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/10/2010 10:40:03 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1875
seconds with 240 seconds of active time. This session ended with a crash.

Error - 12/15/2010 5:40:32 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1884
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/1/2011 4:33:11 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 438
seconds with 240 seconds of active time. This session ended with a crash.

Error - 1/6/2011 2:09:13 AM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141
seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/24/2011 6:02:03 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/14/2011 5:58:00 PM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 561
seconds with 240 seconds of active time. This session ended with a crash.

Error - 12/5/2011 12:45:12 AM | Computer Name = Hurley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28539
seconds with 6360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = DCOM | ID = 10005
Description =

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = DCOM | ID = 10005
Description =

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/3/2012 5:45:25 AM | Computer Name = Hurley | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

[ TuneUp Events ]
Error - 6/16/2011 5:10:03 AM | Computer Name = Hurley | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >


Thanks for your help. If you think I have some programs that are bogging each other down or something, let me know. Thanks!!

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 03 February 2012 - 08:45 AM

Hi!

It looks like you ran ComboFix. Can you please post the log file for me to review? It can be located in your root drive (C:\).

Can you also post any other TDSSKiller logs you have for me?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 andrewsaputo

andrewsaputo
  • Topic Starter

  • Members
  • 54 posts
  • Gender:Male
  • Location:Eugene Oregon

Posted 03 February 2012 - 02:50 PM

Combofix Log

ComboFix 12-01-30.02 - Andrew Saputo 01/30/2012 17:54:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.1246 [GMT -8:00]
Running from: c:\users\Andrew Saputo\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: GFI Software VIPRE *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~tVUjyVOvjyBegl
c:\programdata\~tVUjyVOvjyBeglr
c:\programdata\tVUjyVOvjyBegl
C:\systemsvc
c:\systemsvc\config.bin
c:\users\Andrew Saputo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\$NtUninstallKB26225$
c:\windows\$NtUninstallKB26225$\3511185953
J:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 02:06 . 2012-01-31 02:08 -------- d-----w- c:\users\Andrew Saputo\AppData\Local\temp
2012-01-31 02:06 . 2012-01-31 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 20:36 . 2012-01-30 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 20:36 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-30 20:29 . 2012-01-30 20:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-19 04:03 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 04:03 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 04:03 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 04:03 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-19 04:03 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 04:03 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 04:03 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-19 04:03 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 04:03 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-19 04:03 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 21:12 . 2012-01-13 21:12 -------- d--h--w- c:\programdata\PDF Writer
2012-01-13 21:12 . 2012-01-30 20:08 -------- d-----w- c:\users\Andrew Saputo\AppData\Roaming\PDF Writer
2012-01-13 21:12 . 2012-01-13 21:12 -------- d--h--w- c:\users\Andrew Saputo\AppData\Local\PDF Writer
2012-01-13 21:10 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-01-13 21:09 . 2012-01-30 20:07 -------- d-----w- c:\program files\Common Files\Bullzip
2012-01-13 21:09 . 2008-10-31 06:15 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2012-01-13 21:09 . 2008-07-10 07:19 103424 ----a-w- c:\windows\system32\bzDCT.dll
2012-01-13 21:09 . 2010-09-27 22:27 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2012-01-13 21:09 . 2011-08-09 15:56 196608 ----a-w- c:\windows\system32\bzpdf.dll
2012-01-13 21:09 . 2012-01-30 19:46 -------- d-----w- c:\program files\Bullzip
2012-01-11 11:09 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 11:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 11:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:25 . 2011-12-15 03:49 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 23:38 . 2011-05-24 17:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:26 . 2011-12-15 03:49 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 11:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 11:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 11:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 11:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 06:53 . 2011-11-10 01:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Andrew Saputo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Andrew Saputo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Andrew Saputo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Andrew Saputo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-10-25 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2011-11-01 3045744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eInstruction Device Manager.lnk]
backup=c:\windows\pss\eInstruction Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2011-10-25 06:48 3437976 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nike+ Connect]
2010-10-01 15:26 299008 ----a-w- c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R1 MpKsl0aba5425;MpKsl0aba5425;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30D343A6-9D1D-42F1-A451-67E8FCE90CC0}\MpKsl0aba5425.sys [x]
R1 MpKsl10db6195;MpKsl10db6195;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3C9DC3A-CF37-4358-B177-1CD643024C76}\MpKsl10db6195.sys [x]
R1 MpKsl75ca995a;MpKsl75ca995a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C56D1025-563C-4F3A-9483-AC201D52AEC1}\MpKsl75ca995a.sys [x]
R1 MpKsl806e0269;MpKsl806e0269;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84DA74F9-020F-4101-80F7-1D3D25E337DE}\MpKsl806e0269.sys [x]
R1 MpKsl8e3e9a10;MpKsl8e3e9a10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9C5F6CE-803C-4666-B99E-2A8AB353567B}\MpKsl8e3e9a10.sys [x]
R1 MpKsl9337ccf0;MpKsl9337ccf0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAD92969-0115-4B5A-85F8-BB5DAA8EE8A2}\MpKsl9337ccf0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cdf59eebed1d;Google Update Service (gupdate1c9cdf59eebed1d);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 133104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rt70x86;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\DRIVERS\netr70.sys [2009-02-26 299520]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2011-11-01 93816]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-13 1343400]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-11-01 223864]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [2011-11-01 3287472]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-09-09 77816]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [2011-11-01 173424]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-23 1483072]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3ABv.sys [2007-06-30 738304]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-11-01 72312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-06 02:51]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 02:51]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 02:51]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3898212364-3955706882-1737509186-1000Core.job
- c:\users\Andrew Saputo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 03:56]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3898212364-3955706882-1737509186-1000UA.job
- c:\users\Andrew Saputo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 03:56]
.
2011-02-10 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-26 07:02]
.
2012-01-31 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
- c:\program files\TuneUp Utilities 2011\OneClick.exe [2010-11-23 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SBAMTray - c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Andrew Saputo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3898212364-3955706882-1737509186-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ad,93,97,c7,2a,6a,06,f7,81,b2,95,3b,11,eb,8e,a8,89,00,f5,25,09,
95,af,70,30,7d,89,3f,a4,02,6b,2d,3e,05,6e,5c,e4,7c,a2,cc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3898212364-3955706882-1737509186-1000_Classes\CLSID\{ec0bb897-2aa6-40b6-bfa1-b4f8584c1030}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000107
"Therad"=dword:00000010
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1524)
c:\users\Andrew Saputo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-30 18:15:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 02:15
.
Pre-Run: 30,515,085,312 bytes free
Post-Run: 31,302,393,856 bytes free
.
- - End Of File - - F5699C902DBC52FA3E4ED718226C7F06

TDSSKiller Log

11:48:44.0922 3224 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
11:48:45.0402 3224 ============================================================
11:48:45.0402 3224 Current date / time: 2012/02/03 11:48:45.0402
11:48:45.0402 3224 SystemInfo:
11:48:45.0402 3224
11:48:45.0402 3224 OS Version: 6.1.7601 ServicePack: 1.0
11:48:45.0402 3224 Product type: Workstation
11:48:45.0402 3224 ComputerName: HURLEY
11:48:45.0402 3224 UserName: Andrew Saputo
11:48:45.0402 3224 Windows directory: C:\Windows
11:48:45.0402 3224 System windows directory: C:\Windows
11:48:45.0402 3224 Processor architecture: Intel x86
11:48:45.0402 3224 Number of processors: 2
11:48:45.0402 3224 Page size: 0x1000
11:48:45.0403 3224 Boot type: Normal boot
11:48:45.0403 3224 ============================================================
11:48:46.0527 3224 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:48:46.0540 3224 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:48:46.0573 3224 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:48:46.0587 3224 Drive \Device\Harddisk3\DR3 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:48:46.0629 3224 Drive \Device\Harddisk5\DR8 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:48:46.0639 3224 Drive \Device\Harddisk6\DR6 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:48:47.0118 3224 \Device\Harddisk0\DR0:
11:48:47.0118 3224 MBR used
11:48:47.0118 3224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
11:48:47.0118 3224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
11:48:47.0118 3224 \Device\Harddisk1\DR1:
11:48:47.0131 3224 MBR used
11:48:47.0131 3224 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
11:48:47.0131 3224 \Device\Harddisk2\DR2:
11:48:47.0132 3224 MBR used
11:48:47.0132 3224 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
11:48:47.0132 3224 \Device\Harddisk3\DR3:
11:48:47.0132 3224 MBR used
11:48:47.0132 3224 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
11:48:47.0132 3224 \Device\Harddisk5\DR8:
11:48:47.0133 3224 MBR used
11:48:47.0133 3224 \Device\Harddisk5\DR8\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x12A14000
11:48:47.0133 3224 \Device\Harddisk6\DR6:
11:48:47.0133 3224 MBR used
11:48:47.0133 3224 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
11:48:47.0282 3224 Initialize success
11:48:47.0282 3224 ============================================================
11:48:53.0697 2092 ============================================================
11:48:53.0697 2092 Scan started
11:48:53.0697 2092 Mode: Manual; SigCheck; TDLFS;
11:48:53.0697 2092 ============================================================
11:48:53.0904 2092 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:48:54.0461 2092 1394ohci - ok
11:48:54.0572 2092 A3AB (ee5c0ec358b2ce7b73fb154f8b1dbebe) C:\Windows\system32\DRIVERS\A3ABv.sys
11:48:54.0745 2092 A3AB - ok
11:48:54.0823 2092 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:48:54.0864 2092 ACPI - ok
11:48:54.0906 2092 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:48:55.0037 2092 AcpiPmi - ok
11:48:55.0138 2092 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:48:55.0182 2092 adp94xx - ok
11:48:55.0235 2092 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:48:55.0266 2092 adpahci - ok
11:48:55.0363 2092 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:48:55.0397 2092 adpu320 - ok
11:48:55.0456 2092 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:48:55.0569 2092 AFD - ok
11:48:55.0649 2092 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:48:55.0677 2092 agp440 - ok
11:48:55.0738 2092 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:48:55.0769 2092 aic78xx - ok
11:48:55.0871 2092 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:48:55.0906 2092 aliide - ok
11:48:55.0940 2092 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:48:55.0971 2092 amdagp - ok
11:48:56.0031 2092 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:48:56.0048 2092 amdide - ok
11:48:56.0099 2092 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:48:56.0244 2092 AmdK8 - ok
11:48:56.0331 2092 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:48:56.0418 2092 AmdPPM - ok
11:48:56.0454 2092 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:48:56.0469 2092 amdsata - ok
11:48:56.0529 2092 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:48:56.0569 2092 amdsbs - ok
11:48:56.0618 2092 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:48:56.0651 2092 amdxata - ok
11:48:56.0714 2092 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:48:56.0881 2092 AppID - ok
11:48:56.0988 2092 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:48:57.0007 2092 arc - ok
11:48:57.0017 2092 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:48:57.0064 2092 arcsas - ok
11:48:57.0105 2092 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:48:57.0290 2092 AsyncMac - ok
11:48:57.0364 2092 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:48:57.0398 2092 atapi - ok
11:48:57.0463 2092 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
11:48:57.0596 2092 athr - ok
11:48:57.0701 2092 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:48:57.0825 2092 b06bdrv - ok
11:48:57.0910 2092 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:48:57.0978 2092 b57nd60x - ok
11:48:58.0027 2092 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:48:58.0124 2092 Beep - ok
11:48:58.0224 2092 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:48:58.0315 2092 blbdrive - ok
11:48:58.0427 2092 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:48:58.0499 2092 bowser - ok
11:48:58.0586 2092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:48:58.0672 2092 BrFiltLo - ok
11:48:58.0702 2092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:48:58.0780 2092 BrFiltUp - ok
11:48:58.0882 2092 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
11:48:58.0987 2092 Bridge - ok
11:48:58.0991 2092 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
11:48:59.0014 2092 BridgeMP - ok
11:48:59.0128 2092 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:48:59.0238 2092 Brserid - ok
11:48:59.0327 2092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:48:59.0396 2092 BrSerWdm - ok
11:48:59.0431 2092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:48:59.0523 2092 BrUsbMdm - ok
11:48:59.0626 2092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:48:59.0698 2092 BrUsbSer - ok
11:48:59.0736 2092 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:48:59.0798 2092 BTHMODEM - ok
11:48:59.0920 2092 catchme - ok
11:49:00.0002 2092 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:49:00.0093 2092 cdfs - ok
11:49:00.0194 2092 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
11:49:00.0261 2092 cdrom - ok
11:49:00.0291 2092 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:49:00.0361 2092 circlass - ok
11:49:00.0449 2092 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:49:00.0488 2092 CLFS - ok
11:49:00.0549 2092 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:49:00.0631 2092 CmBatt - ok
11:49:00.0721 2092 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:49:00.0758 2092 cmdide - ok
11:49:00.0811 2092 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:49:00.0883 2092 CNG - ok
11:49:00.0971 2092 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:49:01.0001 2092 Compbatt - ok
11:49:01.0033 2092 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:49:01.0123 2092 CompositeBus - ok
11:49:01.0238 2092 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:49:01.0273 2092 crcdisk - ok
11:49:01.0308 2092 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:49:01.0422 2092 CSC - ok
11:49:01.0508 2092 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:49:01.0597 2092 DfsC - ok
11:49:01.0708 2092 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:49:01.0779 2092 discache - ok
11:49:01.0821 2092 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:49:01.0831 2092 Disk - ok
11:49:01.0887 2092 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
11:49:01.0966 2092 Dot4 - ok
11:49:02.0040 2092 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
11:49:02.0110 2092 Dot4Print - ok
11:49:02.0206 2092 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
11:49:02.0268 2092 dot4usb - ok
11:49:02.0310 2092 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:49:02.0381 2092 drmkaud - ok
11:49:02.0496 2092 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:49:02.0553 2092 DXGKrnl - ok
11:49:02.0857 2092 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:49:03.0627 2092 ebdrv - ok
11:49:03.0755 2092 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:49:03.0805 2092 elxstor - ok
11:49:03.0833 2092 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:49:03.0877 2092 ErrDev - ok
11:49:03.0995 2092 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:49:04.0043 2092 exfat - ok
11:49:04.0076 2092 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:49:04.0164 2092 fastfat - ok
11:49:04.0288 2092 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:49:04.0355 2092 fdc - ok
11:49:04.0408 2092 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:49:04.0441 2092 FileInfo - ok
11:49:04.0510 2092 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:49:04.0582 2092 Filetrace - ok
11:49:04.0646 2092 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:49:04.0763 2092 flpydisk - ok
11:49:04.0864 2092 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:49:04.0901 2092 FltMgr - ok
11:49:05.0051 2092 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:49:05.0241 2092 FsDepends - ok
11:49:05.0335 2092 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:49:05.0368 2092 Fs_Rec - ok
11:49:05.0407 2092 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:49:05.0464 2092 fvevol - ok
11:49:05.0572 2092 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:49:05.0613 2092 gagp30kx - ok
11:49:05.0635 2092 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:49:05.0663 2092 GEARAspiWDM - ok
11:49:05.0712 2092 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:49:05.0852 2092 hcw85cir - ok
11:49:05.0909 2092 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:49:06.0003 2092 HdAudAddService - ok
11:49:06.0103 2092 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:49:06.0203 2092 HDAudBus - ok
11:49:06.0311 2092 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:49:06.0428 2092 HidBatt - ok
11:49:06.0480 2092 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:49:06.0554 2092 HidBth - ok
11:49:06.0637 2092 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:49:06.0698 2092 HidIr - ok
11:49:06.0780 2092 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
11:49:06.0822 2092 HidUsb - ok
11:49:06.0905 2092 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:49:06.0946 2092 HpSAMD - ok
11:49:07.0016 2092 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:49:07.0091 2092 HTTP - ok
11:49:07.0158 2092 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:49:07.0195 2092 hwpolicy - ok
11:49:07.0270 2092 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:49:07.0340 2092 i8042prt - ok
11:49:07.0417 2092 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
11:49:07.0535 2092 iaStor - ok
11:49:07.0637 2092 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:49:07.0686 2092 iaStorV - ok
11:49:07.0816 2092 IDMWFP (499fc110088cc0baf13f57cfa001f49c) C:\Windows\system32\DRIVERS\idmwfp.sys
11:49:07.0852 2092 IDMWFP - ok
11:49:08.0039 2092 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:49:09.0293 2092 igfx - ok
11:49:09.0389 2092 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:49:09.0428 2092 iirsp - ok
11:49:09.0516 2092 IntcAzAudAddService (9b89f2e3d705651dec1f01033b9d6b24) C:\Windows\system32\drivers\RTKVHDA.sys
11:49:09.0598 2092 IntcAzAudAddService - ok
11:49:09.0681 2092 IntcHdmiAddService (8dab99684cfe8b4ddd5d6d0c5d55fdac) C:\Windows\system32\drivers\IntcHdmi.sys
11:49:09.0788 2092 IntcHdmiAddService - ok
11:49:09.0880 2092 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:49:09.0914 2092 intelide - ok
11:49:09.0944 2092 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:49:10.0006 2092 intelppm - ok
11:49:10.0099 2092 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:49:10.0186 2092 IpFilterDriver - ok
11:49:10.0283 2092 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:49:10.0360 2092 IPMIDRV - ok
11:49:10.0431 2092 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:49:10.0525 2092 IPNAT - ok
11:49:10.0637 2092 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:49:10.0718 2092 IRENUM - ok
11:49:10.0796 2092 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:49:10.0835 2092 isapnp - ok
11:49:10.0886 2092 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:49:10.0928 2092 iScsiPrt - ok
11:49:11.0021 2092 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\Windows\system32\drivers\jraid.sys
11:49:11.0151 2092 JRAID - ok
11:49:11.0226 2092 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
11:49:11.0264 2092 kbdclass - ok
11:49:11.0306 2092 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
11:49:11.0368 2092 kbdhid - ok
11:49:11.0468 2092 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:49:11.0508 2092 KSecDD - ok
11:49:11.0537 2092 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:49:11.0573 2092 KSecPkg - ok
11:49:11.0673 2092 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:49:11.0759 2092 lltdio - ok
11:49:11.0875 2092 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:49:11.0887 2092 LSI_FC - ok
11:49:11.0898 2092 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:49:11.0933 2092 LSI_SAS - ok
11:49:11.0954 2092 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:49:11.0983 2092 LSI_SAS2 - ok
11:49:11.0992 2092 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:49:12.0022 2092 LSI_SCSI - ok
11:49:12.0107 2092 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:49:12.0188 2092 luafv - ok
11:49:12.0278 2092 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:49:12.0313 2092 megasas - ok
11:49:12.0373 2092 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:49:12.0411 2092 MegaSR - ok
11:49:12.0471 2092 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:49:12.0560 2092 Modem - ok
11:49:12.0633 2092 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:49:12.0675 2092 monitor - ok
11:49:12.0738 2092 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
11:49:12.0771 2092 mouclass - ok
11:49:12.0834 2092 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:49:12.0919 2092 mouhid - ok
11:49:13.0062 2092 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:49:13.0129 2092 mountmgr - ok
11:49:13.0286 2092 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:49:13.0319 2092 mpio - ok
11:49:13.0389 2092 MpKsl0aba5425 - ok
11:49:13.0424 2092 MpKsl10db6195 - ok
11:49:13.0427 2092 MpKsl75ca995a - ok
11:49:13.0432 2092 MpKsl806e0269 - ok
11:49:13.0438 2092 MpKsl8e3e9a10 - ok
11:49:13.0443 2092 MpKsl9337ccf0 - ok
11:49:13.0520 2092 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:49:13.0624 2092 mpsdrv - ok
11:49:13.0695 2092 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:49:13.0811 2092 MRxDAV - ok
11:49:13.0875 2092 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:49:13.0992 2092 mrxsmb - ok
11:49:14.0089 2092 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:49:14.0137 2092 mrxsmb10 - ok
11:49:14.0228 2092 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:49:14.0268 2092 mrxsmb20 - ok
11:49:14.0301 2092 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:49:14.0334 2092 msahci - ok
11:49:14.0434 2092 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:49:14.0470 2092 msdsm - ok
11:49:14.0531 2092 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:49:14.0589 2092 Msfs - ok
11:49:14.0637 2092 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:49:14.0715 2092 mshidkmdf - ok
11:49:14.0781 2092 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:49:14.0810 2092 msisadrv - ok
11:49:14.0887 2092 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:49:14.0968 2092 MSKSSRV - ok
11:49:15.0034 2092 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:49:15.0119 2092 MSPCLOCK - ok
11:49:15.0216 2092 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:49:15.0304 2092 MSPQM - ok
11:49:15.0387 2092 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:49:15.0425 2092 MsRPC - ok
11:49:15.0464 2092 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:49:15.0487 2092 mssmbios - ok
11:49:15.0571 2092 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:49:15.0670 2092 MSTEE - ok
11:49:15.0737 2092 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:49:15.0823 2092 MTConfig - ok
11:49:15.0901 2092 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:49:15.0933 2092 Mup - ok
11:49:15.0997 2092 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:49:16.0065 2092 NativeWifiP - ok
11:49:16.0148 2092 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:49:16.0179 2092 NDIS - ok
11:49:16.0226 2092 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:49:16.0301 2092 NdisCap - ok
11:49:16.0356 2092 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:49:16.0437 2092 NdisTapi - ok
11:49:16.0518 2092 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:49:16.0600 2092 Ndisuio - ok
11:49:16.0673 2092 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:49:16.0723 2092 NdisWan - ok
11:49:16.0773 2092 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:49:16.0811 2092 NDProxy - ok
11:49:16.0875 2092 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:49:16.0964 2092 NetBIOS - ok
11:49:17.0103 2092 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:49:17.0157 2092 NetBT - ok
11:49:17.0234 2092 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:49:17.0273 2092 nfrd960 - ok
11:49:17.0356 2092 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:49:17.0459 2092 Npfs - ok
11:49:17.0523 2092 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:49:17.0595 2092 nsiproxy - ok
11:49:17.0689 2092 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:49:17.0762 2092 Ntfs - ok
11:49:17.0848 2092 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:49:17.0954 2092 Null - ok
11:49:18.0025 2092 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:49:18.0066 2092 nvraid - ok
11:49:18.0105 2092 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:49:18.0139 2092 nvstor - ok
11:49:18.0174 2092 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:49:18.0186 2092 nv_agp - ok
11:49:18.0247 2092 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:49:18.0311 2092 ohci1394 - ok
11:49:18.0383 2092 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:49:18.0428 2092 Parport - ok
11:49:18.0486 2092 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
11:49:18.0505 2092 partmgr - ok
11:49:18.0573 2092 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:49:18.0645 2092 Parvdm - ok
11:49:18.0722 2092 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:49:18.0754 2092 pci - ok
11:49:18.0806 2092 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:49:18.0836 2092 pciide - ok
11:49:18.0914 2092 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:49:18.0954 2092 pcmcia - ok
11:49:19.0017 2092 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:49:19.0050 2092 pcw - ok
11:49:19.0118 2092 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:49:19.0211 2092 PEAUTH - ok
11:49:19.0306 2092 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:49:19.0394 2092 PptpMiniport - ok
11:49:19.0514 2092 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:49:19.0589 2092 Processor - ok
11:49:19.0646 2092 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:49:19.0714 2092 Psched - ok
11:49:19.0809 2092 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
11:49:19.0833 2092 PxHelp20 - ok
11:49:19.0882 2092 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:49:19.0934 2092 ql2300 - ok
11:49:20.0029 2092 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:49:20.0079 2092 ql40xx - ok
11:49:20.0112 2092 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:49:20.0155 2092 QWAVEdrv - ok
11:49:20.0221 2092 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:49:20.0298 2092 RasAcd - ok
11:49:20.0345 2092 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:49:20.0387 2092 RasAgileVpn - ok
11:49:20.0461 2092 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:49:20.0528 2092 Rasl2tp - ok
11:49:20.0583 2092 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:49:20.0664 2092 RasPppoe - ok
11:49:20.0769 2092 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:49:20.0855 2092 RasSstp - ok
11:49:20.0954 2092 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:49:21.0019 2092 rdbss - ok
11:49:21.0064 2092 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:49:21.0104 2092 rdpbus - ok
11:49:21.0186 2092 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:49:21.0251 2092 RDPCDD - ok
11:49:21.0305 2092 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:49:21.0414 2092 RDPDR - ok
11:49:21.0485 2092 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:49:21.0551 2092 RDPENCDD - ok
11:49:21.0595 2092 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:49:21.0617 2092 RDPREFMP - ok
11:49:21.0643 2092 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:49:21.0751 2092 RdpVideoMiniport - ok
11:49:21.0832 2092 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
11:49:21.0914 2092 RDPWD - ok
11:49:21.0995 2092 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:49:22.0035 2092 rdyboost - ok
11:49:22.0103 2092 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:49:22.0145 2092 rspndr - ok
11:49:22.0215 2092 rt70x86 (1117f000f652723b8bece4b8dde29a8c) C:\Windows\system32\DRIVERS\netr70.sys
11:49:22.0640 2092 rt70x86 - ok
11:49:22.0735 2092 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:49:22.0870 2092 RTL8169 - ok
11:49:22.0949 2092 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
11:49:23.0046 2092 RtNdPt60 - ok
11:49:23.0068 2092 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:49:23.0184 2092 s3cap - ok
11:49:23.0268 2092 sbapifs (a0bb2fb6749e357d4342e1eabaaea79e) C:\Windows\system32\DRIVERS\sbapifs.sys
11:49:23.0284 2092 sbapifs - ok
11:49:23.0397 2092 SbFw (86611af933b69798b580576adad2cea5) C:\Windows\system32\drivers\SbFw.sys
11:49:23.0431 2092 SbFw - ok
11:49:23.0465 2092 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
11:49:23.0479 2092 SBFWIMCL - ok
11:49:23.0539 2092 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
11:49:23.0551 2092 SBFWIMCLMP - ok
11:49:23.0586 2092 SbHips (2b5798dcb705eed80231d37688788e09) C:\Windows\system32\drivers\sbhips.sys
11:49:23.0623 2092 SbHips - ok
11:49:23.0652 2092 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\Windows\system32\Drivers\SBKUPNT.SYS
11:49:23.0709 2092 SBKUPNT ( UnsignedFile.Multi.Generic ) - warning
11:49:23.0709 2092 SBKUPNT - detected UnsignedFile.Multi.Generic (1)
11:49:23.0812 2092 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:49:23.0853 2092 sbp2port - ok
11:49:23.0903 2092 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
11:49:23.0942 2092 SBRE - ok
11:49:23.0999 2092 sbwtis (e94334aad501bb93275c0bcd92ddd3a6) C:\Windows\system32\DRIVERS\sbwtis.sys
11:49:24.0033 2092 sbwtis - ok
11:49:24.0068 2092 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:49:24.0108 2092 scfilter - ok
11:49:24.0158 2092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:49:24.0242 2092 secdrv - ok
11:49:24.0321 2092 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:49:24.0359 2092 Serenum - ok
11:49:24.0423 2092 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:49:24.0533 2092 Serial - ok
11:49:24.0598 2092 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:49:24.0666 2092 sermouse - ok
11:49:24.0748 2092 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:49:24.0822 2092 sffdisk - ok
11:49:24.0888 2092 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:49:24.0928 2092 sffp_mmc - ok
11:49:24.0979 2092 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:49:25.0046 2092 sffp_sd - ok
11:49:25.0124 2092 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:49:25.0187 2092 sfloppy - ok
11:49:25.0291 2092 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:49:25.0334 2092 sisagp - ok
11:49:25.0368 2092 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:49:25.0404 2092 SiSRaid2 - ok
11:49:25.0491 2092 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:49:25.0526 2092 SiSRaid4 - ok
11:49:25.0553 2092 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:49:25.0591 2092 Smb - ok
11:49:25.0687 2092 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:49:25.0724 2092 spldr - ok
11:49:25.0778 2092 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:49:25.0897 2092 srv - ok
11:49:25.0985 2092 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:49:26.0065 2092 srv2 - ok
11:49:26.0136 2092 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:49:26.0207 2092 srvnet - ok
11:49:26.0283 2092 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:49:26.0312 2092 stexstor - ok
11:49:26.0357 2092 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:49:26.0396 2092 storflt - ok
11:49:26.0417 2092 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:49:26.0448 2092 storvsc - ok
11:49:26.0500 2092 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:49:26.0534 2092 swenum - ok
11:49:26.0584 2092 Synth3dVsc - ok
11:49:26.0640 2092 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
11:49:26.0710 2092 Tcpip - ok
11:49:26.0768 2092 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
11:49:26.0801 2092 TCPIP6 - ok
11:49:26.0853 2092 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:49:26.0924 2092 tcpipreg - ok
11:49:26.0967 2092 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:49:27.0046 2092 TDPIPE - ok
11:49:27.0123 2092 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
11:49:27.0195 2092 TDTCP - ok
11:49:27.0257 2092 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:49:27.0338 2092 tdx - ok
11:49:27.0423 2092 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:49:27.0443 2092 TermDD - ok
11:49:27.0536 2092 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:49:27.0613 2092 tssecsrv - ok
11:49:27.0691 2092 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:49:27.0788 2092 TsUsbFlt - ok
11:49:27.0819 2092 tsusbhub - ok
11:49:27.0895 2092 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
11:49:27.0925 2092 TuneUpUtilitiesDrv - ok
11:49:28.0004 2092 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:49:28.0085 2092 tunnel - ok
11:49:28.0144 2092 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:49:28.0177 2092 uagp35 - ok
11:49:28.0244 2092 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:49:28.0332 2092 udfs - ok
11:49:28.0412 2092 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:49:28.0441 2092 uliagpkx - ok
11:49:28.0491 2092 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
11:49:28.0559 2092 umbus - ok
11:49:28.0618 2092 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:49:28.0690 2092 UmPass - ok
11:49:28.0772 2092 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:49:28.0832 2092 USBAAPL - ok
11:49:28.0912 2092 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
11:49:28.0956 2092 usbaudio - ok
11:49:28.0986 2092 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:49:29.0086 2092 usbccgp - ok
11:49:29.0159 2092 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:49:29.0201 2092 usbcir - ok
11:49:29.0242 2092 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
11:49:29.0303 2092 usbehci - ok
11:49:29.0400 2092 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:49:29.0425 2092 usbhub - ok
11:49:29.0455 2092 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
11:49:29.0537 2092 usbohci - ok
11:49:29.0640 2092 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:49:29.0706 2092 usbprint - ok
11:49:29.0782 2092 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:49:29.0893 2092 USBSTOR - ok
11:49:29.0958 2092 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
11:49:30.0020 2092 usbuhci - ok
11:49:30.0102 2092 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:49:30.0131 2092 vdrvroot - ok
11:49:30.0191 2092 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:49:30.0258 2092 vga - ok
11:49:30.0322 2092 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:49:30.0377 2092 VgaSave - ok
11:49:30.0416 2092 VGPU - ok
11:49:30.0450 2092 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:49:30.0490 2092 vhdmp - ok
11:49:30.0547 2092 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:49:30.0580 2092 viaagp - ok
11:49:30.0636 2092 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:49:30.0703 2092 ViaC7 - ok
11:49:30.0782 2092 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:49:30.0806 2092 viaide - ok
11:49:30.0852 2092 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:49:30.0888 2092 vmbus - ok
11:49:30.0947 2092 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:49:31.0011 2092 VMBusHID - ok
11:49:31.0081 2092 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:49:31.0133 2092 volmgr - ok
11:49:31.0207 2092 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:49:31.0222 2092 volmgrx - ok
11:49:31.0280 2092 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:49:31.0295 2092 volsnap - ok
11:49:31.0342 2092 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:49:31.0360 2092 vsmraid - ok
11:49:31.0420 2092 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:49:31.0489 2092 vwifibus - ok
11:49:31.0567 2092 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:49:31.0623 2092 WacomPen - ok
11:49:31.0694 2092 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:49:31.0773 2092 WANARP - ok
11:49:31.0779 2092 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:49:31.0804 2092 Wanarpv6 - ok
11:49:31.0885 2092 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:49:31.0902 2092 Wd - ok
11:49:31.0964 2092 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:49:32.0008 2092 Wdf01000 - ok
11:49:32.0062 2092 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:49:32.0108 2092 WfpLwf - ok
11:49:32.0153 2092 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:49:32.0179 2092 WIMMount - ok
11:49:32.0246 2092 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:49:32.0359 2092 WinUsb - ok
11:49:32.0466 2092 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:49:32.0528 2092 WmiAcpi - ok
11:49:32.0575 2092 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:49:32.0663 2092 ws2ifsl - ok
11:49:32.0771 2092 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:49:32.0867 2092 WudfPf - ok
11:49:32.0963 2092 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:49:33.0044 2092 WUDFRd - ok
11:49:33.0088 2092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:49:33.0214 2092 \Device\Harddisk0\DR0 - ok
11:49:33.0217 2092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:49:33.0314 2092 \Device\Harddisk1\DR1 - ok
11:49:33.0319 2092 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR2
11:49:33.0416 2092 \Device\Harddisk2\DR2 - ok
11:49:33.0421 2092 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk3\DR3
11:49:35.0473 2092 \Device\Harddisk3\DR3 - ok
11:49:35.0479 2092 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk5\DR8
11:49:37.0498 2092 \Device\Harddisk5\DR8 - ok
11:49:37.0503 2092 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
11:49:38.0072 2092 \Device\Harddisk6\DR6 - ok
11:49:38.0089 2092 Boot (0x1200) (c39116f593ad5d5ee397814cee4c2484) \Device\Harddisk0\DR0\Partition0
11:49:38.0089 2092 \Device\Harddisk0\DR0\Partition0 - ok
11:49:38.0093 2092 Boot (0x1200) (2ab9b13eb290d9b67855647d8c8b3997) \Device\Harddisk0\DR0\Partition1
11:49:38.0093 2092 \Device\Harddisk0\DR0\Partition1 - ok
11:49:38.0099 2092 Boot (0x1200) (d42f8af7051a81cfcae71eddf91bed5d) \Device\Harddisk1\DR1\Partition0
11:49:38.0100 2092 \Device\Harddisk1\DR1\Partition0 - ok
11:49:38.0104 2092 Boot (0x1200) (d210e3d1f7a17bef8e6b692f6bc47595) \Device\Harddisk2\DR2\Partition0
11:49:38.0106 2092 \Device\Harddisk2\DR2\Partition0 - ok
11:49:38.0110 2092 Boot (0x1200) (827c3dc8236326cface2ef3c7535bd0f) \Device\Harddisk3\DR3\Partition0
11:49:38.0112 2092 \Device\Harddisk3\DR3\Partition0 - ok
11:49:38.0116 2092 Boot (0x1200) (07fbd4d87266799c2b643eb78a692aec) \Device\Harddisk5\DR8\Partition0
11:49:38.0117 2092 \Device\Harddisk5\DR8\Partition0 - ok
11:49:38.0121 2092 Boot (0x1200) (bec5a26923a467a5a2ed44f76683b480) \Device\Harddisk6\DR6\Partition0
11:49:38.0124 2092 \Device\Harddisk6\DR6\Partition0 - ok
11:49:38.0124 2092 ============================================================
11:49:38.0124 2092 Scan finished
11:49:38.0124 2092 ============================================================
11:49:38.0138 1508 Detected object count: 1
11:49:38.0138 1508 Actual detected object count: 1
11:49:49.0565 1508 SBKUPNT ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:49.0565 1508 SBKUPNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
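As an added example that is not part of this thread (it is neither TDSSKiller's nor BleepingComputer's code): a small Python triage helper for logs in the format posted above. It pulls out every object whose verdict is not "ok", lists services that have no file on disk, groups MBR and boot-sector hashes so identical and odd-one-out disks stand out, and cross-checks the number of flagged objects against the "Detected object count" line. The sample lines are constructed from the format of the posted log, with the hashes copied from it; the line-layout rules (timestamp, thread id, then either a file record, a sector record or a verdict) are assumptions read off this log, not documented TDSSKiller behaviour.

```python
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller log layout posted in this thread; the
# driver, MBR and boot-sector hashes are copied from the posted log, not invented.
SAMPLE_LOG = """\
11:49:23.0652 2092 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\\Windows\\system32\\Drivers\\SBKUPNT.SYS
11:49:23.0709 2092 SBKUPNT ( UnsignedFile.Multi.Generic ) - warning
11:49:23.0709 2092 SBKUPNT - detected UnsignedFile.Multi.Generic (1)
11:49:23.0812 2092 sbp2port (05d860da1040f111503ac416ccef2bca) C:\\Windows\\system32\\drivers\\sbp2port.sys
11:49:23.0853 2092 sbp2port - ok
11:49:26.0584 2092 Synth3dVsc - ok
11:49:33.0088 2092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
11:49:33.0214 2092 \\Device\\Harddisk0\\DR0 - ok
11:49:33.0217 2092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk1\\DR1
11:49:33.0314 2092 \\Device\\Harddisk1\\DR1 - ok
11:49:33.0319 2092 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \\Device\\Harddisk2\\DR2
11:49:33.0416 2092 \\Device\\Harddisk2\\DR2 - ok
11:49:38.0089 2092 Boot (0x1200) (c39116f593ad5d5ee397814cee4c2484) \\Device\\Harddisk0\\DR0\\Partition0
11:49:38.0089 2092 \\Device\\Harddisk0\\DR0\\Partition0 - ok
11:49:38.0138 1508 Detected object count: 1
"""

# Assumed line layout: "<hh:mm:ss.ffff> <thread id> <record>"
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
# Sector record: "MBR (0x1B8) (<md5>) \Device\..." or "Boot (0x1200) (<md5>) \Device\...\PartitionN"
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\\Device\\\S+)$")
# File record: "<service> (<md5>) <path>"
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Verdict record: "<name> - ok" / "<name> ( <signature> ) - warning" / "<name> - detected <signature> (n)"
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?:\s+\(\s*(?P<sig>\S+)\s*\))?\s+-\s+(?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


def parse_tdsskiller(text):
    """Return (entries, declared_count).

    entries maps an object name (service name or \\Device path) to a dict with
    keys kind ("file", "service", "MBR", "Boot"), md5, path, verdicts, signatures.
    """
    entries = {}
    declared = None

    def entry(name, kind):
        # kind is fixed by the first record seen for this name
        return entries.setdefault(name, {"kind": kind, "md5": None, "path": None,
                                         "verdicts": [], "signatures": []})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, "Scan finished", etc.
        rest = m.group("rest")
        s = SECTOR_RE.match(rest)
        if s:
            entry(s.group("dev"), s.group("kind"))["md5"] = s.group("md5")
            continue
        f = FILE_RE.match(rest)
        if f:
            e = entry(f.group("name"), "file")
            e["md5"], e["path"] = f.group("md5"), f.group("path")
            continue
        c = COUNT_RE.match(rest)
        if c:
            declared = int(c.group("n"))
            continue
        v = VERDICT_RE.match(rest)
        if v:
            e = entry(v.group("name"), "service")
            e["verdicts"].append(v.group("verdict"))
            if v.group("sig"):
                e["signatures"].append(v.group("sig"))
    return entries, declared


def triage(text):
    """Summarise what a responder would look at first in a TDSSKiller log."""
    entries, declared = parse_tdsskiller(text)
    flagged, no_file, sector_hashes = {}, [], defaultdict(list)
    for name, e in entries.items():
        bad = [v for v in e["verdicts"] if v != "ok"]
        if bad or e["signatures"]:
            flagged[name] = {"path": e["path"], "md5": e["md5"],
                             "signatures": sorted(set(e["signatures"])), "verdicts": bad}
        if e["kind"] == "service" and e["path"] is None:
            no_file.append(name)  # registered service with no binary scanned
        if e["kind"] in ("MBR", "Boot") and e["md5"]:
            sector_hashes[(e["kind"], e["md5"])].append(name)
    return {
        "flagged": flagged,
        "no_file": sorted(no_file),
        "sector_groups": {k: sorted(v) for k, v in sector_hashes.items()},
        "declared_count": declared,
        # heuristic: every non-ok object should be accounted for in the summary line
        "count_matches": declared is None or declared == len(flagged),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, info in report["flagged"].items():
        print(f"FLAGGED {name}: {info['signatures']} {info['verdicts']} {info['path']}")
    for (kind, md5), devs in report["sector_groups"].items():
        print(f"{kind} {md5}: {', '.join(devs)}")
    print("services without a file:", report["no_file"])
    print("summary count consistent:", report["count_matches"])
```

On the sample the only non-ok object is SBKUPNT, flagged by the generic "UnsignedFile.Multi.Generic" heuristic (a file without a valid digital signature) rather than by a named malware signature, which is a different weight of evidence from a positive detection. The MBR grouping shows Harddisk0 and Harddisk1 sharing one hash while Harddisk2 carries another; a shared hash is what you expect when disks carry the same stock boot code, and a differing hash on its own only marks a disk for a closer look, which is what the aswMBR check for "Windows 7 default MBR code" later in the thread provides.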

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:05 AM

Posted 04 February 2012 - 08:42 AM

Hi!

Those logs look fine.

Please run these scans for me:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "save log", save it to your desktop and post it in your next reply.




NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 andrewsaputo

andrewsaputo
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Gender:Male
  • Location:Eugene Oregon
  • Local time:06:05 AM

Posted 04 February 2012 - 04:09 PM

Here is the aswMbr Log

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 09:39:21
-----------------------------
09:39:21.862 OS Version: Windows 6.1.7601 Service Pack 1
09:39:21.863 Number of processors: 2 586 0x170A
09:39:21.865 ComputerName: HURLEY UserName:
09:39:24.021 Initialize success
09:39:53.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:39:53.261 Disk 0 Vendor: Hitachi_ GM2O Size: 238418MB BusType: 3
09:39:53.264 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:39:53.267 Disk 1 Vendor: ST350032 SD1A Size: 476940MB BusType: 3
09:39:53.299 Disk 0 MBR read successfully
09:39:53.303 Disk 0 MBR scan
09:39:53.307 Disk 0 Windows 7 default MBR code
09:39:53.312 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
09:39:53.324 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
09:39:53.343 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160
09:39:53.349 Disk 0 scanning sectors +488278016
09:39:53.427 Disk 0 scanning C:\Windows\system32\drivers
09:40:01.177 Service scanning
09:40:02.995 Modules scanning
09:40:14.811 Disk 0 trace - called modules:
09:40:14.854 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
09:40:14.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8655a060]
09:40:14.866 3 CLASSPNP.SYS[894bf59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85738028]
09:40:14.873 Scan finished successfully
09:40:21.136 Disk 0 MBR has been saved successfully to "C:\Users\Andrew Saputo\Desktop\MBR.dat"
09:40:21.141 The log file has been saved successfully to "C:\Users\Andrew Saputo\Desktop\aswMBR.txt"

Here is the Malwarebytes Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrew Saputo :: HURLEY [administrator]

2/4/2012 9:45:28 AM
mbam-log-2012-02-04 (09-45-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214025
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the ESETScan Log

C:\ProgramData\VistaCodecs\{AEBE7C7C-6FE6-4AFB-B38E-6919361DF949}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\TDSSKiller_Quarantine\30.01.2012_12.28.51\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\Users\All Users\VistaCodecs\{AEBE7C7C-6FE6-4AFB-B38E-6919361DF949}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\649e4dc0-4610a4f0 probably a variant of Java/TrojanDownloader.Agent.NCT trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-25849662 Java/Agent.CK trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-40434ead Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\48c68542-37aeefca a variant of Java/TrojanDownloader.OpenStream.NCI trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ec49a58-3a86fbd7 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-4448574f a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-6bfd5344 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\67d4379c-339f9d01 a variant of Win32/Kryptik.ZRY trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-16241c8e a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-3f6b2a26 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-5e14d5cb a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-644af5cc a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7694f277 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7f083df1 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\323c05a3-3de6d0ae Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-62c4eef3 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a052e27-2ace4847 multiple threats
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\316f34ee-6a533b62 probably a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-399e0e36 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-79fdfdf2 a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\759fac34-450f03c9 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cd50f76-7f6ea6d7 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5380c53a-4287e1c0 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\f6aebc6-2dd925ad a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-4baec865 probably a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\Documents\Andrew's Personal Docs\Trojan Problem\gamebooster.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Andrew Saputo\Documents\Andrew's Personal Docs\USB Stuff\Setup Files That will Help\gamebooster.exe a variant of Win32/Toolbar.Widgi application

Here is the Security Check log

Results of screen317's Security Check version 0.99.30
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
CCleaner
Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#11 SweetTech

Posted 05 February 2012 - 07:23 AM

Hi!

Your aswMBR log looks good.

I believe these two threats below that were found by ESET were detected because of the way that these files are packed into the installation file.

C:\ProgramData\VistaCodecs\{AEBE7C7C-6FE6-4AFB-B38E-6919361DF949}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Users\All Users\VistaCodecs\{AEBE7C7C-6FE6-4AFB-B38E-6919361DF949}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application


These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\TDSSKiller_Quarantine\30.01.2012_12.28.51\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan


It looks like these two threats below were detected because the installation file for them includes a toolbar. I am not going to remove these. If you want me to remove them for you, let me know.

C:\Users\Andrew Saputo\Documents\Andrew's Personal Docs\Trojan Problem\gamebooster.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Andrew Saputo\Documents\Andrew's Personal Docs\USB Stuff\Setup Files That will Help\gamebooster.exe a variant of Win32/Toolbar.Widgi application



These threat(s) below will be removed very shortly:

C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\649e4dc0-4610a4f0 probably a variant of Java/TrojanDownloader.Agent.NCT trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-25849662 Java/Agent.CK trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-40434ead Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\48c68542-37aeefca a variant of Java/TrojanDownloader.OpenStream.NCI trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ec49a58-3a86fbd7 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-4448574f a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-6bfd5344 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\67d4379c-339f9d01 a variant of Win32/Kryptik.ZRY trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-16241c8e a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-3f6b2a26 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-5e14d5cb a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-644af5cc a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7694f277 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7f083df1 a variant of Java/TrojanDownloader.OpenStream.NBE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\323c05a3-3de6d0ae Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-62c4eef3 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a052e27-2ace4847 multiple threats
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\316f34ee-6a533b62 probably a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-399e0e36 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-79fdfdf2 a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\759fac34-450f03c9 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cd50f76-7f6ea6d7 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5380c53a-4287e1c0 Java/Agent.BV trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\f6aebc6-2dd925ad a variant of Java/Agent.BR trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-4baec865 probably a variant of Java/Agent.BR trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\649e4dc0-4610a4f0
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-25849662
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-40434ead
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\48c68542-37aeefca
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ec49a58-3a86fbd7
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-4448574f
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-6bfd5344
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\67d4379c-339f9d01
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-16241c8e
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-3f6b2a26
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-5e14d5cb
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-644af5cc
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7694f277
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7f083df1
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\323c05a3-3de6d0ae
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-62c4eef3
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a052e27-2ace4847
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\316f34ee-6a533b62
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-399e0e36
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-79fdfdf2
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\759fac34-450f03c9
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cd50f76-7f6ea6d7
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5380c53a-4287e1c0
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\f6aebc6-2dd925ad
    C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-4baec865
    C:\TDSSKiller_Quarantine\
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?


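Added example, not code from this thread or from any of the tools used in it: a small Python triage that reads ESET Online Scanner lines in the format shown above and sorts them into the four groups SweetTech used in post #11 (already-quarantined files, the Java deployment cache, potentially unwanted applications, everything else), then writes the :Files/:Commands part of an OTL fix for the first two. The sample lines are copied from the ESET log in this thread; the bucket names, regexes and function names are the example's own.

```python
"""Triage an ESET Online Scanner log the way the helper in this thread did."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path detection category bucket")

# One detection per line: '<path> [probably ][a variant of ]<Family/Name> <category>'.
# Only the detection name contains a '/', so the non-greedy path group cannot
# swallow it even though the Windows paths here contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?\S+/\S+)\s+"
    r"(?P<category>\w+)\s*$"
)
# ESET reports an archive holding several detections as '<path> multiple threats'.
MULTI_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+multiple threats\s*$")

# Path patterns that decide the bucket, following the reasoning in post #11.
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
QUARANTINE_RE = re.compile(r"^([A-Za-z]:\\[^\\]*Quarantine[^\\]*\\)", re.IGNORECASE)


def classify(path, category):
    """Bucket names are this example's own, not ESET's or OTL's."""
    if QUARANTINE_RE.match(path):
        return "quarantine"   # already isolated by another tool; folder goes at cleanup
    if JAVA_CACHE_RE.search(path):
        return "java_cache"   # cached applet/JAR from a drive-by; delete, then update Java
    if category == "application":
        return "pua"          # packed installer or bundled toolbar; a human decides
    return "review"           # anything else needs a look before acting


def parse_line(line):
    """Return a Finding for one ESET log line, or None for blank/unparseable lines."""
    line = line.strip()
    if not line:
        return None
    m = LINE_RE.match(line)
    if m:
        path, detection, category = m.group("path", "detection", "category")
    else:
        m = MULTI_RE.match(line)
        if not m:
            return None
        path, detection, category = m.group("path"), "multiple threats", "multiple"
    return Finding(path, detection, category, classify(path, category))


def triage(log_text):
    """Map bucket name -> list of Findings, in log order."""
    buckets = {}
    for f in (parse_line(l) for l in log_text.splitlines()):
        if f:
            buckets.setdefault(f.bucket, []).append(f)
    return buckets


def otl_fix_script(buckets):
    """Build the :Files/:Commands sections of an OTL fix like the one in post #11:
    every Java-cache hit by path, each quarantine folder once by its root."""
    paths = [f.path for f in buckets.get("java_cache", [])]
    roots = []
    for f in buckets.get("quarantine", []):
        root = QUARANTINE_RE.match(f.path).group(1)
        if root not in roots:
            roots.append(root)
    lines = [":Files", *paths, *roots, ":Commands", "[CreateRestorePoint]", "[emptyjava]"]
    return "\n".join(lines)


# Constructed sample: five lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\ProgramData\VistaCodecs\{AEBE7C7C-6FE6-4AFB-B38E-6919361DF949}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\TDSSKiller_Quarantine\30.01.2012_12.28.51\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-25849662 Java/Agent.CK trojan
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a052e27-2ace4847 multiple threats
C:\Users\Andrew Saputo\Documents\Andrew's Personal Docs\Trojan Problem\gamebooster.exe a variant of Win32/Toolbar.Widgi application
"""

if __name__ == "__main__":
    buckets = triage(SAMPLE_LOG)
    for name, items in buckets.items():
        print(f"{name}: {len(items)} finding(s)")
        for f in items:
            print(f"  {f.detection:45} {f.path}")
    print(otl_fix_script(buckets))
```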

#12 andrewsaputo

Posted 05 February 2012 - 11:20 PM

Well, I'm not experiencing any more issues at the moment. Here are the logs.

First Log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\649e4dc0-4610a4f0 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-25849662 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-40434ead moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\48c68542-37aeefca moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ec49a58-3a86fbd7 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-4448574f moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-6bfd5344 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\67d4379c-339f9d01 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-16241c8e moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-3f6b2a26 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-5e14d5cb moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-644af5cc moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7694f277 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5422c5e1-7f083df1 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\323c05a3-3de6d0ae moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-62c4eef3 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a052e27-2ace4847 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\316f34ee-6a533b62 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-399e0e36 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-79fdfdf2 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\759fac34-450f03c9 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cd50f76-7f6ea6d7 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5380c53a-4287e1c0 moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\f6aebc6-2dd925ad moved successfully.
C:\Users\Andrew Saputo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-4baec865 moved successfully.
C:\TDSSKiller_Quarantine\30.01.2012_12.28.51\mbr0000\tdlfs0000 folder moved successfully.
C:\TDSSKiller_Quarantine\30.01.2012_12.28.51\mbr0000\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\30.01.2012_12.28.51\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\30.01.2012_12.28.51 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 25813897 bytes
->FireFox cache emptied: 43698440 bytes
->Flash cache emptied: 510 bytes

User: All Users

User: Andrew Saputo
->Temp folder emptied: 2849128 bytes
->Temporary Internet Files folder emptied: 30798301 bytes
->Java cache emptied: 70461686 bytes
->FireFox cache emptied: 743489802 bytes
->Flash cache emptied: 14273 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56543 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 271970 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 875.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew Saputo
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Andrew Saputo
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02052012_200351

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Second Log

OTL logfile created on: 2/5/2012 8:12:12 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andrew Saputo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.92% Memory free
3.93 Gb Paging File | 2.93 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 26.18 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.70 Gb Free Space | 46.99% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 47.09 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 71.68 Gb Free Space | 10.26% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 843.26 Gb Free Space | 90.53% Space Free | Partition Type: NTFS
Drive K: | 74.53 Gb Total Space | 11.03 Gb Free Space | 14.80% Space Free | Partition Type: NTFS

Computer Name: HURLEY | User Name: Andrew Saputo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 15:59:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 10:34:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew Saputo\Desktop\OTL.exe
PRC - [2012/01/31 21:31:32 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/01 01:03:54 | 003,045,744 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
PRC - [2011/11/01 00:41:20 | 003,287,472 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
PRC - [2011/11/01 00:41:00 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2011/04/21 15:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/13 23:02:36 | 000,161,336 | ---- | M] (Google) -- C:\Users\Andrew Saputo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/23 08:15:38 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/11/23 08:13:50 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/02 15:59:29 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/19 15:38:55 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/01 00:41:20 | 003,287,472 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/01 00:41:00 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/06/13 12:33:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/21 15:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/11/23 08:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/23 08:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/12/22 02:13:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/04 09:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2012/01/26 16:48:06 | 000,091,936 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/11/01 00:08:14 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (SbHips)
DRV - [2011/11/01 00:08:14 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/11/01 00:08:12 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/10/26 15:40:02 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 13:19:02 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 13:19:02 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/09/09 10:10:40 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/02/26 10:11:02 | 000,299,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2008/08/26 09:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 23:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 23:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/18 22:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/30 04:10:54 | 000,738,304 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\A3ABv.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2001/07/13 12:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.26


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.6: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew Saputo\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew Saputo\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrew Saputo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 15:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/05 20:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Andrew Saputo\AppData\Roaming\IDM\idmmzcc5 [2012/01/31 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Andrew Saputo\AppData\Roaming\IDM\idmmzcc5 [2012/01/31 12:36:29 | 000,000,000 | ---D | M]

[2009/12/10 01:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Extensions
[2012/01/31 13:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\extensions
[2012/01/30 12:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/30 12:08:22 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2012/02/05 19:53:25 | 000,002,533 | ---- | M] () -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\searchplugins\diigo--google.xml
[2010/09/03 16:39:11 | 000,001,710 | ---- | M] () -- C:\Users\Andrew Saputo\AppData\Roaming\Mozilla\Firefox\Profiles\6gi2yah6.default\searchplugins\goodsearch.xml
[2011/11/09 17:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 12:36:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ANDREW SAPUTO\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\ANDREW SAPUTO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6GI2YAH6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/02 15:59:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/30 18:08:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6E6535-4CF7-484F-884D-44FFA3CB735A}: DhcpNameServer = 68.87.69.146 68.87.85.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E27B521A-A228-42E5-9F71-9DF439C9A51E}: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Andrew Saputo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrew Saputo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/04 01:39:00 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 20:03:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/05 20:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/04 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/04 10:00:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andrew Saputo\Desktop\esetsmartinstaller_enu.exe
[2012/02/04 09:38:09 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Andrew Saputo\Desktop\aswMBR.exe
[2012/02/02 17:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/02/02 17:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/02/02 10:34:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew Saputo\Desktop\OTL.exe
[2012/02/02 10:29:46 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew Saputo\Desktop\tdsskiller.exe
[2012/01/31 10:56:43 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/01/30 18:13:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/30 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\AppData\Local\temp
[2012/01/30 17:48:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/30 17:48:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/30 17:48:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/30 17:48:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/30 17:48:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/30 17:48:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/30 12:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 12:36:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/30 12:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/26 05:42:01 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/01/13 13:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2012/01/13 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\AppData\Roaming\PDF Writer
[2012/01/13 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\AppData\Local\PDF Writer
[2012/01/13 13:09:19 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\System32\bzFlRdr.dll
[2012/01/13 13:09:19 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\System32\bzDCT.dll
[2012/01/13 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2012/01/13 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2012/01/13 13:09:18 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2012/01/13 13:09:16 | 000,196,608 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdf.dll
[2012/01/13 13:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/01/12 13:56:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\Desktop\Sublist Stuff & Transcripts
[2012/01/12 13:25:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew Saputo\Desktop\Curbside & Phone Pics
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Andrew Saputo\Desktop\*.tmp files -> C:\Users\Andrew Saputo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 20:15:40 | 000,015,280 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 20:15:40 | 000,015,280 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 20:09:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 20:08:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 19:36:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/04 18:23:12 | 134,661,516 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0011.MOV
[2012/02/04 18:22:56 | 007,186,572 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0010.JPG
[2012/02/04 18:22:46 | 007,166,976 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0009.JPG
[2012/02/04 18:22:36 | 007,910,272 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0008.JPG
[2012/02/04 18:21:58 | 007,214,347 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0007.JPG
[2012/02/04 18:21:48 | 006,245,615 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0006.JPG
[2012/02/04 18:21:30 | 006,384,980 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0005.JPG
[2012/02/04 18:21:04 | 007,449,427 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0004.JPG
[2012/02/04 18:18:10 | 006,517,434 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0003.JPG
[2012/02/04 18:16:44 | 006,771,161 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0002.JPG
[2012/02/04 18:16:24 | 007,173,175 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\DSC_0001.JPG
[2012/02/04 16:00:28 | 000,019,030 | ---- | M] () -- C:\Windows\System32\FirewallConfig.xml
[2012/02/04 10:03:08 | 000,879,683 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\SecurityCheck.exe
[2012/02/04 10:00:16 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andrew Saputo\Desktop\esetsmartinstaller_enu.exe
[2012/02/04 09:43:15 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 09:40:21 | 000,000,512 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\MBR.dat
[2012/02/04 09:38:19 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Andrew Saputo\Desktop\aswMBR.exe
[2012/02/03 15:24:13 | 000,169,591 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\StatementPdf.pdf.pdf
[2012/02/03 15:23:45 | 000,169,048 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\StatementPdf.pdf
[2012/02/02 16:07:13 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/02 16:07:13 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 10:34:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew Saputo\Desktop\OTL.exe
[2012/02/02 10:33:07 | 000,335,515 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\FSS.exe
[2012/02/02 10:29:55 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew Saputo\Desktop\tdsskiller.exe
[2012/01/30 18:08:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/30 17:58:53 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2012/01/27 12:28:25 | 000,043,376 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\Oregon Ducks _ Online Ticket Office _ Thank You For Your Order.pdf
[2012/01/26 16:48:06 | 000,091,936 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[1 C:\Users\Andrew Saputo\Desktop\*.tmp files -> C:\Users\Andrew Saputo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 11:24:01 | 134,661,516 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0011.MOV
[2012/02/05 11:24:00 | 007,186,572 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0010.JPG
[2012/02/05 11:24:00 | 007,166,976 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0009.JPG
[2012/02/05 11:23:59 | 007,910,272 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0008.JPG
[2012/02/05 11:23:59 | 007,214,347 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0007.JPG
[2012/02/05 11:23:58 | 006,384,980 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0005.JPG
[2012/02/05 11:23:58 | 006,245,615 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0006.JPG
[2012/02/05 11:23:57 | 007,449,427 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0004.JPG
[2012/02/05 11:23:57 | 006,517,434 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0003.JPG
[2012/02/05 11:23:53 | 007,173,175 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0001.JPG
[2012/02/05 11:23:53 | 006,771,161 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\DSC_0002.JPG
[2012/02/04 16:00:28 | 000,019,030 | ---- | C] () -- C:\Windows\System32\FirewallConfig.xml
[2012/02/04 10:03:06 | 000,879,683 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\SecurityCheck.exe
[2012/02/04 09:40:21 | 000,000,512 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\MBR.dat
[2012/02/03 15:24:13 | 000,169,591 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\StatementPdf.pdf.pdf
[2012/02/03 15:23:45 | 000,169,048 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\StatementPdf.pdf
[2012/02/02 10:33:05 | 000,335,515 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\FSS.exe
[2012/01/30 17:58:53 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2012/01/30 17:48:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/30 17:48:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/30 17:48:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/30 17:48:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/30 17:48:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/30 12:37:22 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 12:28:25 | 000,043,376 | ---- | C] () -- C:\Users\Andrew Saputo\Desktop\Oregon Ducks _ Online Ticket Office _ Thank You For Your Order.pdf
[2011/09/27 20:05:33 | 000,213,240 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/08 18:41:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/08 18:40:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/25 10:55:31 | 000,000,097 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\netstat.bat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/02/19 22:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/07 08:13:14 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/01 19:02:59 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/12/13 15:51:21 | 000,007,603 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Local\Resmon.ResmonCfg
[2009/12/13 12:21:09 | 000,029,696 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/10 02:11:38 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/23 13:38:44 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/11/23 13:38:44 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/11/23 13:38:44 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/11/23 13:38:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009/11/23 13:38:44 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2009/09/16 16:34:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 002,380,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/24 15:28:10 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2009/05/24 15:28:10 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2009/05/24 15:28:05 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2009/05/14 18:04:36 | 000,008,273 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\Comma Separated Values (Windows).JNL
[2009/05/14 17:59:08 | 000,038,266 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2009/05/14 17:58:25 | 000,012,958 | ---- | C] () -- C:\Users\Andrew Saputo\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2009/04/26 00:16:11 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

========== LOP Check ==========

[2009/12/10 01:49:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/11 20:16:20 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\Design Science
[2012/02/05 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\DMCache
[2012/01/30 11:55:01 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\Dropbox
[2012/01/30 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\EA
[2011/05/05 20:53:43 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\eInstruction
[2010/01/04 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\FileZilla
[2012/01/30 12:08:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\FreeAudioPack
[2011/11/07 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\GFI Software
[2010/04/27 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\HandBrake
[2012/02/02 14:30:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\IDM
[2012/01/30 11:55:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\IObit
[2012/01/30 12:08:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\IrfanView
[2012/01/30 12:08:23 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\PDF Writer
[2012/01/30 11:55:23 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\TuneUp Software
[2012/01/31 13:02:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\uTorrent
[2009/12/10 01:49:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew Saputo\AppData\Roaming\Xilisoft Corporation
[2011/02/10 00:08:10 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/01/30 17:53:46 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/30 17:58:53 | 000,000,228 | ---- | M] () -- C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/02 15:59:28 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/02 15:59:28 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/02 15:59:28 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/02 15:59:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/02 15:59:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/02 15:59:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/11 18:35:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/11 18:35:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/11 18:35:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/11 18:35:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/11 18:35:08 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-19 11:03:11

< End of report >

Thanks for the help!

#13 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 February 2012 - 04:04 AM

Hi!

If everything goes well with this fix, we can clean-up the rest of our tools in the next reply.

OTL Fix

We need to run an OTL Fix.

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2012/02/04 10:00:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andrew Saputo\Desktop\esetsmartinstaller_enu.exe
    [2012/02/04 09:38:09 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Andrew Saputo\Desktop\aswMBR.exe
    [2012/02/02 10:29:46 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew Saputo\Desktop\tdsskiller.exe
    [2012/02/04 10:03:08 | 000,879,683 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\SecurityCheck.exe
    [2012/02/04 09:40:21 | 000,000,512 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\MBR.dat
    [2012/02/02 10:33:07 | 000,335,515 | ---- | M] () -- C:\Users\Andrew Saputo\Desktop\FSS.exe
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 andrewsaputo

andrewsaputo
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Gender:Male
  • Location:Eugene Oregon
  • Local time:06:05 AM

Posted 06 February 2012 - 02:32 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\Users\Andrew Saputo\Desktop\esetsmartinstaller_enu.exe not found.
File C:\Users\Andrew Saputo\Desktop\aswMBR.exe not found.
File C:\Users\Andrew Saputo\Desktop\tdsskiller.exe not found.
File C:\Users\Andrew Saputo\Desktop\SecurityCheck.exe not found.
File C:\Users\Andrew Saputo\Desktop\MBR.dat not found.
File C:\Users\Andrew Saputo\Desktop\FSS.exe not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Andrew Saputo\Desktop\cmd.bat deleted successfully.
C:\Users\Andrew Saputo\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrew Saputo\Desktop\cmd.bat deleted successfully.
C:\Users\Andrew Saputo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew Saputo
->Temp folder emptied: 170263 bytes
->Temporary Internet Files folder emptied: 44994400 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 738546616 bytes
->Flash cache emptied: 4722 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 117594950 bytes

Total Files Cleaned = 860.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew Saputo
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Andrew Saputo
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02062012_104117

Files\Folders moved on Reboot...
File\Folder C:\Users\Andrew Saputo\AppData\Local\Temp\~DF33730A43D08F7CB0.TMP not found!
File\Folder C:\Users\Andrew Saputo\AppData\Local\Temp\~DFF105D8FE0BA3CFA1.TMP not found!

Registry entries deleted on Reboot...
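As an added example (not part of the thread, and not an OldTimer tool), a small Python parser for OTL fix logs like the one posted above: it separates what the fix actually removed from what was already gone, sums the bytes freed, and records whether the HOSTS reset completed. SAMPLE_LOG is a constructed excerpt of the posted log.

```python
import re

# Constructed excerpt modelled on the OTL fix log posted above (not the full log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\Users\Andrew Saputo\Desktop\aswMBR.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
User: Andrew Saputo
->Temp folder emptied: 170263 bytes
->FireFox cache emptied: 738546616 bytes
RecycleBin emptied: 117594950 bytes
Total Files Cleaned = 860.00 mb
"""

PREFS_RE = re.compile(r"^Prefs\.js: (.+?) removed from (\S+)$")
REG_RE = re.compile(r"^Registry (value|key) (.+?) (deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^File (.+?) (not found|deleted successfully)\.$")
EMPTIED_RE = re.compile(r"^(?:->)?(.+?) emptied: (\d+) bytes$")


def parse_otl_fix_log(text):
    """Summarise an OTL fix log.

    'removed' holds (kind, target) pairs OTL confirmed it removed; 'not_found'
    holds targets the script listed but OTL could not find (already gone, as with
    the desktop tools here); 'bytes_freed' sums every 'emptied: N bytes' line.
    """
    result = {"removed": [], "not_found": [], "bytes_freed": 0, "hosts_reset": False}
    for line in text.splitlines():
        line = line.strip()
        if m := PREFS_RE.match(line):
            result["removed"].append(("prefs.js", m.group(1)))
        elif m := REG_RE.match(line):
            kind, target, outcome = m.groups()
            dest = "removed" if outcome.startswith("deleted") else "not_found"
            result[dest].append(("registry " + kind, target))
        elif m := FILE_RE.match(line):
            dest = "removed" if m.group(2).startswith("deleted") else "not_found"
            result[dest].append(("file", m.group(1)))
        elif m := EMPTIED_RE.match(line):
            result["bytes_freed"] += int(m.group(2))   # per-user and global lines alike
        elif line == "HOSTS file reset successfully":
            result["hosts_reset"] = True
    return result
```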

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:05 AM

Posted 07 February 2012 - 03:14 AM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on the CleanUp button
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

