Jump to content

DanielHendrycks

Honorary Members
 View Profile  See their activity

  • Posts

    43

  • Joined

  • Last visited

Reputation

1 Neutral

About DanielHendrycks

  • Birthday 10/08/1995

Profile Information

  • Location
    Marshfield, Missouri
  1. DanielHendrycks
    Nothing was found, no issues occurred, I think I'm all clean!
  2. DanielHendrycks
    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5662 Windows 6.1.7600 Internet Explorer 9.0.7930.16406 2/2/2011 14:38:57 mbam-log-2011-02-02 (14-38-57).txt Scan type: Quick scan Objects scanned: 158540 Time elapsed: 1 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Things seem to be running fine now, I haven't experienced any of the issues so far. Is it OK if I turn on my Anti-Virus again? I think it may be solved
  3. DanielHendrycks
    ComboFix 11-01-31.02 - Daniel 02/02/2011 14:02:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4199 [GMT -6:00] Running from: c:\users\Daniel\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . ----- File Replicators ----- c:\program files (x86)\Git\libexec\git-core\git-add.exe c:\program files (x86)\Git\libexec\git-core\git-annotate.exe c:\program files (x86)\Git\libexec\git-core\git-apply.exe c:\program files (x86)\Git\libexec\git-core\git-archive.exe c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe c:\program files (x86)\Git\libexec\git-core\git-blame.exe c:\program files (x86)\Git\libexec\git-core\git-branch.exe c:\program files (x86)\Git\libexec\git-core\git-bundle.exe c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe c:\program files (x86)\Git\libexec\git-core\git-checkout.exe c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe c:\program files (x86)\Git\libexec\git-core\git-cherry.exe c:\program files (x86)\Git\libexec\git-core\git-clean.exe c:\program files (x86)\Git\libexec\git-core\git-clone.exe c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe c:\program files (x86)\Git\libexec\git-core\git-commit.exe c:\program files (x86)\Git\libexec\git-core\git-config.exe c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe c:\program files (x86)\Git\libexec\git-core\git-describe.exe c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe c:\program files (x86)\Git\libexec\git-core\git-diff.exe c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe c:\program files (x86)\Git\libexec\git-core\git-fetch.exe c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe c:\program files (x86)\Git\libexec\git-core\git-fsck.exe c:\program files (x86)\Git\libexec\git-core\git-gc.exe c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe c:\program files (x86)\Git\libexec\git-core\git-grep.exe c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe c:\program files (x86)\Git\libexec\git-core\git-help.exe c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe c:\program files (x86)\Git\libexec\git-core\git-init-db.exe c:\program files (x86)\Git\libexec\git-core\git-init.exe c:\program files (x86)\Git\libexec\git-core\git-log.exe c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe c:\program files (x86)\Git\libexec\git-core\git-merge.exe c:\program files (x86)\Git\libexec\git-core\git-mktag.exe c:\program files (x86)\Git\libexec\git-core\git-mktree.exe c:\program files (x86)\Git\libexec\git-core\git-mv.exe c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe c:\program files (x86)\Git\libexec\git-core\git-notes.exe c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe c:\program files (x86)\Git\libexec\git-core\git-prune.exe c:\program files (x86)\Git\libexec\git-core\git-push.exe c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe c:\program files (x86)\Git\libexec\git-core\git-reflog.exe c:\program files (x86)\Git\libexec\git-core\git-remote.exe c:\program files (x86)\Git\libexec\git-core\git-replace.exe c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe c:\program files (x86)\Git\libexec\git-core\git-rerere.exe c:\program files (x86)\Git\libexec\git-core\git-reset.exe c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe c:\program files (x86)\Git\libexec\git-core\git-revert.exe c:\program files (x86)\Git\libexec\git-core\git-rm.exe c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe c:\program files (x86)\Git\libexec\git-core\git-show.exe c:\program files (x86)\Git\libexec\git-core\git-stage.exe c:\program files (x86)\Git\libexec\git-core\git-status.exe c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe c:\program files (x86)\Git\libexec\git-core\git-tag.exe c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe c:\program files (x86)\Git\libexec\git-core\git-update-index.exe c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe c:\program files (x86)\Git\libexec\git-core\git-var.exe c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe c:\program files (x86)\Git\libexec\git-core\git.exe . . ((((((((((((((((((((((((( Files Created from 2011-01-02 to 2011-02-02 ))))))))))))))))))))))))))))))) . 2011-02-02 20:06 . 2011-02-02 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-02 16:48 . 2011-02-02 16:50 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys 2011-02-02 01:30 . 2011-02-02 01:30 -------- d-----w- c:\users\Daniel\AppData\Local\{8F0B5C08-67BC-435C-8D46-1F180FF3BC2C} 2011-02-01 17:19 . 2011-02-01 17:26 -------- d-----w- c:\program files (x86)\Project64 1.6 2011-02-01 16:22 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0884DA47-E21F-4E05-8A37-DE465A4E65EB}\mpengine.dll 2011-01-23 03:19 . 2011-01-23 03:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-01-23 03:18 . 2011-01-23 03:18 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-01-23 03:16 . 2011-01-23 03:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-01-20 20:00 . 2011-01-20 20:00 -------- d-----w- c:\users\Daniel\AppData\Roaming\Avira 2011-01-20 19:02 . 2010-12-13 14:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-20 19:02 . 2010-12-13 14:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-01-20 19:02 . 2011-01-20 19:02 -------- d-----w- c:\programdata\Avira 2011-01-20 19:02 . 2011-01-20 19:02 -------- d-----w- c:\program files (x86)\Avira 2011-01-20 17:48 . 2011-01-20 18:04 -------- d-----w- c:\users\Daniel\Attack Surface Analyzer 2011-01-18 12:23 . 2011-01-18 12:23 -------- d-----w- c:\users\Daniel\AppData\Local\{1DD2A861-EA08-460D-A548-671F2A75A396} 2011-01-13 00:23 . 2011-01-13 00:23 -------- d-----w- c:\program files (x86)\Xiph.Org 2011-01-12 20:28 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2011-01-12 20:28 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-01-12 20:28 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-01-12 20:28 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-01-12 20:28 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-01-12 20:28 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2011-01-12 20:28 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2011-01-12 20:28 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2011-01-12 20:28 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2011-01-12 20:28 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2011-01-12 00:20 . 2011-01-12 00:20 -------- d-----w- c:\users\Daniel\AppData\Local\{98208CDF-B275-41A9-BD7E-B6E50E2D1A8E} 2011-01-08 02:49 . 2011-01-08 02:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-01-08 02:49 . 2011-01-08 02:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-08 02:49 . 2011-01-08 02:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll 2011-01-08 02:48 . 2011-01-08 02:48 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-01-08 02:48 . 2011-01-08 02:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-08 03:27 . 2010-07-20 06:06 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-01-08 03:27 . 2009-08-15 21:18 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-01-08 03:27 . 2009-08-15 21:18 2200680 ----a-w- c:\windows\system32\nvapi64.dll 2010-12-26 21:31 . 2010-07-20 07:21 521448 ----a-w- c:\windows\system32\deployJava1.dll 2010-12-26 20:37 . 2010-07-08 22:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-12-22 21:08 . 2010-12-22 21:08 173840 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2010-12-22 21:08 . 2010-12-23 19:04 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2010-12-22 21:08 . 2010-12-23 19:04 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2010-12-22 21:08 . 2010-12-22 21:08 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2010-12-22 21:08 . 2010-12-22 21:08 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll 2010-12-21 00:09 . 2010-03-30 02:34 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2009-12-25 16:48 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-15 12:30 . 2010-11-15 12:30 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2010-11-10 08:54 . 2010-11-10 08:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2010-11-10 08:28 . 2010-11-10 08:28 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-11-09 03:55 . 2010-11-24 18:15 1502208 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-09 03:52 . 2010-11-24 18:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-16 135664] "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832] "Wakoopa"="c:\program files (x86)\Wakoopa\Wakoopa.exe" [2009-03-25 573440] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] R3 cpuz130;cpuz130;c:\users\Daniel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744] R3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-08-06 987648] R3 Normandy;Normandy SR2; [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 226448] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 54864] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336] S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447848] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160] S3 sftfs;sftfs;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 712536] S3 sftplay;sftplay;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 261480] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 25944] S3 sftvol;sftvol;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 17752] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 173840] . Contents of the 'Scheduled Tasks' folder 2009-12-31 c:\windows\Tasks\Defraggler Volume C Task.job - c:\program files (x86)\Defraggler\df.exe [2010-11-10 15:06] 2011-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262635457-234178780-3350582580-1000Core.job - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 14:22] 2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262635457-234178780-3350582580-1000UA.job - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 14:22] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361209g106p0335v175r4871s24o mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tyd2e1eq.default\ . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-02-02 14:07:55 ComboFix-quarantined-files.txt 2011-02-02 20:07 Pre-Run: 661,381,668,864 bytes free Post-Run: 661,246,291,968 bytes free - - End Of File - - B5862F2B42C696832A87D698DD2F46C4
  4. DanielHendrycks
    2011/02/02 13:02:40.0310 3824 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03 2011/02/02 13:02:40.0598 3824 ================================================================================ 2011/02/02 13:02:40.0598 3824 SystemInfo: 2011/02/02 13:02:40.0599 3824 2011/02/02 13:02:40.0599 3824 OS Version: 6.1.7600 ServicePack: 0.0 2011/02/02 13:02:40.0599 3824 Product type: Workstation 2011/02/02 13:02:40.0599 3824 ComputerName: DANIEL-PC 2011/02/02 13:02:40.0599 3824 UserName: Daniel 2011/02/02 13:02:40.0599 3824 Windows directory: C:\Windows 2011/02/02 13:02:40.0599 3824 System windows directory: C:\Windows 2011/02/02 13:02:40.0599 3824 Running under WOW64 2011/02/02 13:02:40.0599 3824 Processor architecture: Intel x64 2011/02/02 13:02:40.0599 3824 Number of processors: 2 2011/02/02 13:02:40.0599 3824 Page size: 0x1000 2011/02/02 13:02:40.0599 3824 Boot type: Normal boot 2011/02/02 13:02:40.0599 3824 ================================================================================ 2011/02/02 13:02:40.0786 3824 Initialize success 2011/02/02 13:02:55.0433 4712 ================================================================================ 2011/02/02 13:02:55.0433 4712 Scan started 2011/02/02 13:02:55.0434 4712 Mode: Manual; 2011/02/02 13:02:55.0434 4712 ================================================================================ 2011/02/02 13:02:55.0895 4712 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/02/02 13:02:55.0946 4712 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/02/02 13:02:55.0965 4712 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/02/02 13:02:56.0003 4712 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/02/02 13:02:56.0034 4712 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/02/02 13:02:56.0065 4712 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/02/02 13:02:56.0108 4712 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2011/02/02 13:02:56.0138 4712 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/02/02 13:02:56.0169 4712 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/02/02 13:02:56.0185 4712 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/02/02 13:02:56.0207 4712 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/02/02 13:02:56.0243 4712 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/02/02 13:02:56.0269 4712 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2011/02/02 13:02:56.0299 4712 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/02/02 13:02:56.0328 4712 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2011/02/02 13:02:56.0411 4712 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/02/02 13:02:56.0447 4712 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/02/02 13:02:56.0466 4712 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/02/02 13:02:56.0527 4712 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/02/02 13:02:56.0551 4712 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/02/02 13:02:56.0613 4712 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/02/02 13:02:56.0661 4712 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys 2011/02/02 13:02:56.0716 4712 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/02/02 13:02:56.0760 4712 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/02/02 13:02:56.0805 4712 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/02/02 13:02:56.0846 4712 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/02/02 13:02:56.0868 4712 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 2011/02/02 13:02:56.0894 4712 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/02/02 13:02:56.0909 4712 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/02/02 13:02:56.0938 4712 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/02/02 13:02:56.0963 4712 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/02/02 13:02:56.0988 4712 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/02/02 13:02:57.0008 4712 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/02/02 13:02:57.0039 4712 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/02/02 13:02:57.0070 4712 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/02/02 13:02:57.0096 4712 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/02/02 13:02:57.0126 4712 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/02/02 13:02:57.0173 4712 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/02/02 13:02:57.0270 4712 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/02/02 13:02:57.0285 4712 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/02/02 13:02:57.0306 4712 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/02/02 13:02:57.0338 4712 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/02/02 13:02:57.0363 4712 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/02/02 13:02:57.0469 4712 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/02/02 13:02:57.0530 4712 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2011/02/02 13:02:57.0554 4712 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/02/02 13:02:57.0581 4712 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/02/02 13:02:57.0622 4712 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/02/02 13:02:57.0668 4712 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys 2011/02/02 13:02:57.0777 4712 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/02/02 13:02:57.0890 4712 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/02/02 13:02:57.0941 4712 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys 2011/02/02 13:02:57.0962 4712 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/02/02 13:02:58.0004 4712 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/02/02 13:02:58.0030 4712 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/02/02 13:02:58.0080 4712 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/02/02 13:02:58.0110 4712 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/02/02 13:02:58.0133 4712 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/02/02 13:02:58.0166 4712 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/02/02 13:02:58.0197 4712 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/02/02 13:02:58.0249 4712 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/02/02 13:02:58.0278 4712 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/02/02 13:02:58.0307 4712 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/02/02 13:02:58.0336 4712 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/02/02 13:02:58.0373 4712 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/02/02 13:02:58.0417 4712 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/02/02 13:02:58.0451 4712 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/02/02 13:02:58.0490 4712 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/02/02 13:02:58.0523 4712 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/02/02 13:02:58.0556 4712 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/02/02 13:02:58.0580 4712 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/02/02 13:02:58.0616 4712 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/02/02 13:02:58.0655 4712 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/02/02 13:02:58.0691 4712 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/02/02 13:02:58.0722 4712 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/02/02 13:02:58.0762 4712 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/02/02 13:02:58.0818 4712 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/02/02 13:02:58.0986 4712 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys 2011/02/02 13:02:59.0050 4712 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/02/02 13:02:59.0081 4712 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/02/02 13:02:59.0112 4712 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/02/02 13:02:59.0136 4712 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/02/02 13:02:59.0174 4712 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/02/02 13:02:59.0197 4712 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/02/02 13:02:59.0222 4712 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/02/02 13:02:59.0251 4712 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/02/02 13:02:59.0296 4712 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/02/02 13:02:59.0323 4712 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/02/02 13:02:59.0352 4712 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/02/02 13:02:59.0383 4712 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/02/02 13:02:59.0411 4712 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/02/02 13:02:59.0463 4712 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/02/02 13:02:59.0513 4712 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/02/02 13:02:59.0531 4712 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/02/02 13:02:59.0550 4712 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/02/02 13:02:59.0571 4712 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/02/02 13:02:59.0603 4712 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/02/02 13:02:59.0641 4712 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/02/02 13:02:59.0670 4712 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/02/02 13:02:59.0703 4712 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/02/02 13:02:59.0720 4712 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/02/02 13:02:59.0738 4712 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/02/02 13:02:59.0761 4712 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/02/02 13:02:59.0777 4712 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/02/02 13:02:59.0796 4712 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/02/02 13:02:59.0820 4712 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/02/02 13:02:59.0841 4712 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/02/02 13:02:59.0876 4712 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/02/02 13:02:59.0904 4712 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/02/02 13:02:59.0935 4712 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/02/02 13:02:59.0959 4712 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/02/02 13:02:59.0987 4712 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/02/02 13:03:00.0029 4712 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/02/02 13:03:00.0049 4712 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/02/02 13:03:00.0063 4712 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/02/02 13:03:00.0121 4712 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/02/02 13:03:00.0135 4712 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/02/02 13:03:00.0152 4712 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/02/02 13:03:00.0185 4712 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/02/02 13:03:00.0215 4712 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/02/02 13:03:00.0258 4712 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/02/02 13:03:00.0275 4712 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/02/02 13:03:00.0292 4712 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/02/02 13:03:00.0341 4712 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/02/02 13:03:00.0381 4712 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/02/02 13:03:00.0415 4712 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/02/02 13:03:00.0449 4712 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/02/02 13:03:00.0474 4712 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/02/02 13:03:00.0496 4712 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/02/02 13:03:00.0522 4712 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/02/02 13:03:00.0543 4712 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/02/02 13:03:00.0568 4712 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/02/02 13:03:00.0644 4712 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\netr28ux.sys 2011/02/02 13:03:00.0696 4712 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/02/02 13:03:00.0761 4712 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/02/02 13:03:00.0782 4712 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/02/02 13:03:00.0837 4712 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/02/02 13:03:00.0892 4712 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/02/02 13:03:00.0923 4712 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 2011/02/02 13:03:01.0178 4712 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/02/02 13:03:01.0428 4712 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys 2011/02/02 13:03:01.0462 4712 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/02/02 13:03:01.0489 4712 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/02/02 13:03:01.0520 4712 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys 2011/02/02 13:03:01.0566 4712 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/02/02 13:03:01.0609 4712 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/02/02 13:03:01.0673 4712 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/02/02 13:03:01.0700 4712 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/02/02 13:03:01.0727 4712 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/02/02 13:03:01.0755 4712 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/02/02 13:03:01.0780 4712 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/02/02 13:03:01.0802 4712 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/02/02 13:03:01.0837 4712 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/02/02 13:03:01.0936 4712 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/02/02 13:03:01.0964 4712 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/02/02 13:03:01.0996 4712 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/02/02 13:03:02.0051 4712 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/02/02 13:03:02.0102 4712 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/02/02 13:03:02.0125 4712 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/02/02 13:03:02.0160 4712 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/02/02 13:03:02.0207 4712 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/02/02 13:03:02.0234 4712 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/02 13:03:02.0291 4712 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/02 13:03:02.0306 4712 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/02 13:03:02.0332 4712 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/02 13:03:02.0360 4712 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/02/02 13:03:02.0383 4712 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/02 13:03:02.0409 4712 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/02 13:03:02.0432 4712 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/02/02 13:03:02.0460 4712 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/02/02 13:03:02.0489 4712 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/02/02 13:03:02.0579 4712 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys 2011/02/02 13:03:02.0615 4712 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/02 13:03:02.0649 4712 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/02/02 13:03:02.0682 4712 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/02/02 13:03:02.0716 4712 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/02/02 13:03:02.0755 4712 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/02 13:03:02.0798 4712 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/02/02 13:03:02.0823 4712 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/02/02 13:03:02.0875 4712 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/02/02 13:03:02.0900 4712 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/02/02 13:03:02.0930 4712 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/02/02 13:03:02.0949 4712 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/02/02 13:03:03.0036 4712 sftfs (6532f56e1bd7fe50e1352b909530c651) C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys 2011/02/02 13:03:03.0100 4712 sftplay (e6ff02b1bd81ea2f6894066d5cb6d91e) C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys 2011/02/02 13:03:03.0121 4712 Sftredir (cffb30b10c66f9a8c6a70d105bd4de8d) C:\Windows\system32\DRIVERS\Sftredirlh.sys 2011/02/02 13:03:03.0138 4712 sftvol (baf32ef413025559c23754afcabca90a) C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys 2011/02/02 13:03:03.0186 4712 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/02/02 13:03:03.0219 4712 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/02/02 13:03:03.0240 4712 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/02/02 13:03:03.0281 4712 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/02/02 13:03:03.0351 4712 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2011/02/02 13:03:03.0420 4712 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/02 13:03:03.0465 4712 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/02 13:03:03.0503 4712 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/02/02 13:03:03.0533 4712 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/02 13:03:03.0620 4712 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/02/02 13:03:03.0703 4712 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/02 13:03:03.0735 4712 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/02 13:03:03.0764 4712 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/02/02 13:03:03.0784 4712 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/02/02 13:03:03.0800 4712 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/02 13:03:03.0828 4712 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/02 13:03:03.0878 4712 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/02 13:03:03.0912 4712 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/02 13:03:03.0938 4712 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/02/02 13:03:03.0981 4712 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/02 13:03:04.0040 4712 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/02/02 13:03:04.0070 4712 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/02 13:03:04.0097 4712 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/02/02 13:03:04.0144 4712 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/02 13:03:04.0169 4712 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/02/02 13:03:04.0204 4712 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/02 13:03:04.0232 4712 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/02 13:03:04.0253 4712 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/02/02 13:03:04.0277 4712 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/02 13:03:04.0294 4712 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/02 13:03:04.0319 4712 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/02 13:03:04.0365 4712 VBoxDrv (ecacf742133777de0fe914e122fad449) C:\Windows\system32\DRIVERS\VBoxDrv.sys 2011/02/02 13:03:04.0402 4712 VBoxNetAdp (9304501324486866f91b3ae4c420f206) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 2011/02/02 13:03:04.0448 4712 VBoxNetFlt (8781827699eacee780552ed71e5af5df) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 2011/02/02 13:03:04.0470 4712 VBoxUSBMon (035c13e15ed13bc0eb5f0157aafd8a4e) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 2011/02/02 13:03:04.0487 4712 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/02/02 13:03:04.0515 4712 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/02 13:03:04.0538 4712 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/02/02 13:03:04.0568 4712 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/02/02 13:03:04.0594 4712 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/02/02 13:03:04.0621 4712 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/02/02 13:03:04.0651 4712 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/02/02 13:03:04.0681 4712 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/02/02 13:03:04.0718 4712 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/02/02 13:03:04.0750 4712 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/02/02 13:03:04.0795 4712 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/02/02 13:03:04.0826 4712 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/02/02 13:03:04.0857 4712 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/02 13:03:04.0877 4712 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/02 13:03:04.0928 4712 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/02/02 13:03:04.0960 4712 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/02/02 13:03:05.0014 4712 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/02/02 13:03:05.0034 4712 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/02/02 13:03:05.0108 4712 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/02/02 13:03:05.0154 4712 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/02/02 13:03:05.0187 4712 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/02/02 13:03:05.0229 4712 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/02/02 13:03:05.0288 4712 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/02 13:03:05.0292 4712 ================================================================================ 2011/02/02 13:03:05.0292 4712 Scan finished 2011/02/02 13:03:05.0292 4712 ================================================================================ 2011/02/02 13:03:05.0305 2896 Detected object count: 1 2011/02/02 13:03:12.0278 2896 \HardDisk0 - will be cured after reboot 2011/02/02 13:03:12.0279 2896 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/02 13:03:29.0661 3996 Deinitialize success
  5. DanielHendrycks
    Description: Tabs open randomly to sites that want me to download malware or phishing sites, it also opens to sites that run some scripts in an attempt to exploit the browser. "WhiteSmoke" also gets installed without my permission (when my settings are supposed to have things ask permission); WhiteSmoke is a trojan. Also, and most annoying, Processes wont start completely, sometimes; I'll click on the shortcut and it will create a process but it wont fully start-up, this happens sometimes. OTL Extras logfile created on: 2/2/2011 10:41:56 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.7930.16406) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free 11.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 683.54 Gb Total Space | 617.17 Gb Free Space | 90.29% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{20140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta) "{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java 6 Update 23 (64-bit) "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6 "{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0 "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "CCleaner" = CCleaner "Defraggler" = Defraggler "GIMP-2_is1" = GIMP 2.7.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23 "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C6A7D0A-1763-46D9-BDFB-4E7A212E8D54}" = Mercurial 1.7.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCA4800-152A-4C51-8569-5803FBD67CC9}" = LibreOffice 3.3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "eMachines Registration" = eMachines Registration "FileHippo.com" = FileHippo.com Update Checker "Git_is1" = Git version 1.7.3.1-preview20101002 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "Inkscape" = Inkscape 0.48.0 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Minefield 4.0b11pre (x86 en-US)" = Minefield 4.0b11pre (x86 en-US) "Notepad++" = Notepad++ "Open Codecs" = Xiph.Org Open Codecs 0.85.17777 "Opera 11.00.1156_1" = Opera 11.00 "Opera 11.01.1190" = Opera 11.01 "SystemRequirementsLab" = System Requirements Lab "Wascana C/C++ IDE for Windows" = Wascana C/C++ IDE for Windows "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2262635457-234178780-3350582580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CodeBlocks" = CodeBlocks "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Google Chrome SxS" = Google Chrome Canary Build "oOrganizer beta1" = oOrganizer beta1 "Opera SVG Viewer" = Opera SVG Viewer "Twiget (Twitter Widget)" = Twiget (Twitter Widget) "Wakoopa" = Wakoopa ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/13/2011 12:48:28 | Computer Name = Daniel-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 Error - 1/14/2011 8:09:57 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/14/2011 8:42:51 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/15/2011 14:46:30 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/16/2011 10:15:01 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/16/2011 13:08:33 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/17/2011 8:07:48 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/17/2011 20:32:25 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/18/2011 7:35:48 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 1/18/2011 18:49:42 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 1/22/2011 21:13:46 | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0 Description = 7:13:46 PM - Error connecting to the internet. 7:13:46 PM - Unable to contact server.. Error - 1/22/2011 21:14:16 | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0 Description = 7:14:15 PM - Error connecting to the internet. 7:14:15 PM - Unable to contact server.. Error - 1/22/2011 22:15:08 | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0 Description = 8:15:08 PM - Error connecting to the internet. 8:15:08 PM - Unable to contact server.. Error - 1/22/2011 22:15:42 | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0 Description = 8:15:37 PM - Error connecting to the internet. 8:15:37 PM - Unable to contact server.. Error - 1/22/2011 23:19:23 | Computer Name = Daniel-PC | Source = MCUpdate | ID = 0 Description = 9:19:23 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) [ System Events ] Error - 2/1/2011 11:57:19 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Replication Management service terminated with the following error: %%126 Error - 2/1/2011 11:57:19 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000 Description = The SQL Server (SQLEXPRESS) service failed to start due to the following error: %%14001 Error - 2/1/2011 11:57:22 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000 Description = The Client Virtualization Handler service failed to start due to the following error: %%2 Error - 2/1/2011 12:22:06 | Computer Name = Daniel-PC | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume eMachines. Error - 2/1/2011 23:38:37 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Replication Management service terminated with the following error: %%126 Error - 2/1/2011 23:38:37 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000 Description = The SQL Server (SQLEXPRESS) service failed to start due to the following error: %%14001 Error - 2/1/2011 23:38:43 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000 Description = The Client Virtualization Handler service failed to start due to the following error: %%2 Error - 2/2/2011 12:32:38 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Replication Management service terminated with the following error: %%126 Error - 2/2/2011 12:32:38 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000 Description = The SQL Server (SQLEXPRESS) service failed to start due to the following error: %%14001 Error - 2/2/2011 12:32:43 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000 Description = The Client Virtualization Handler service failed to start due to the following error: %%2 < End of report > OTL logfile created on: 2/2/2011 10:41:55 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.7930.16406) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free 11.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 683.54 Gb Total Space | 617.17 Gb Free Space | 90.29% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/02 10:41:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2011/01/30 13:26:17 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2010/12/16 20:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010/11/10 12:49:36 | 001,289,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader\Reader\AcroRd32.exe PRC - [2010/10/20 14:34:03 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Daniel\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2009/09/23 15:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/09/23 15:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe PRC - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe PRC - [2009/03/25 07:40:14 | 000,573,440 | ---- | M] (Wakoopa) -- C:\Program Files (x86)\Wakoopa\Wakoopa.exe ========== Modules (SafeList) ========== MOD - [2011/02/02 10:41:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/07/13 19:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009/07/13 19:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/23 15:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/09/23 15:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/12/22 15:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010/12/13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010/12/13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/09/23 15:04:52 | 000,025,944 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV - [2009/09/23 15:04:42 | 000,261,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay) DRV - [2009/09/23 15:04:42 | 000,017,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol) DRV - [2009/09/23 15:04:38 | 000,712,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...35v175r4871s24o IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...35v175r4871s24o IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2262635457-234178780-3350582580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...35v175r4871s24o IE - HKU\S-1-5-21-2262635457-234178780-3350582580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ IE - HKU\S-1-5-21-2262635457-234178780-3350582580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Minefield 4.0b11pre\extensions\\Components: C:\Program Files\Firefox\components [2011/02/01 10:36:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Minefield 4.0b11pre\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/07/27 03:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions [2010/11/24 22:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tyd2e1eq.default\extensions File not found (No name found) -- O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2262635457-234178780-3350582580-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\S-1-5-19..\Run: [sidebar] File not found O4 - HKU\S-1-5-20..\Run: [sidebar] File not found O4 - HKU\S-1-5-21-2262635457-234178780-3350582580-1000..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-2262635457-234178780-3350582580-1000..\Run: [Wakoopa] C:\Program Files (x86)\Wakoopa\Wakoopa.exe (Wakoopa) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2262635457-234178780-3350582580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.91.3.46 64.91.3.60 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/02 10:41:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2011/02/01 19:30:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F0B5C08-67BC-435C-8D46-1F180FF3BC2C} [2011/02/01 11:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2011/01/25 16:47:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.3 [2011/01/21 16:08:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Socialist Party USA [2011/01/20 14:00:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Avira [2011/01/20 13:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011/01/20 13:02:30 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/01/20 13:02:30 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/01/20 13:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011/01/20 13:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011/01/20 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Attack Surface Analyzer [2011/01/20 06:30:00 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011/01/20 06:30:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\V3 Site [2011/01/18 06:23:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1DD2A861-EA08-460D-A548-671F2A75A396} [2011/01/12 18:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org [2011/01/12 18:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org [2011/01/11 18:20:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{98208CDF-B275-41A9-BD7E-B6E50E2D1A8E} [2011/01/11 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Debate [2011/01/05 20:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/01/03 11:15:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wascana [2011/01/03 11:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wascana [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/02 10:41:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2011/02/02 10:39:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/02 10:39:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/02 10:39:15 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2262635457-234178780-3350582580-1000UA.job [2011/02/02 10:37:06 | 000,872,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/02/02 10:37:06 | 000,726,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/02/02 10:37:06 | 000,146,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/02/02 10:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/02/02 10:32:19 | 335,044,607 | -HS- | M] () -- C:\hiberfil.sys [2011/02/02 00:53:15 | 000,002,611 | ---- | M] () -- C:\Users\Daniel\Desktop\Attach.zip [2011/02/02 00:35:44 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2011/02/01 20:09:35 | 021,960,114 | ---- | M] () -- C:\Users\Daniel\Documents\Speak.wmv [2011/02/01 20:09:35 | 021,960,114 | ---- | M] () -- C:\Users\Daniel\Desktop\Speak.wmv [2011/02/01 16:55:59 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2262635457-234178780-3350582580-1000Core.job [2011/02/01 16:54:20 | 000,002,769 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel [2011/01/31 20:40:10 | 000,001,182 | ---- | M] () -- C:\Users\Daniel\Documents\V3.png [2011/01/31 20:28:13 | 000,032,977 | ---- | M] () -- C:\Users\Daniel\Documents\Socialist Party USA logo.png [2011/01/31 06:51:30 | 002,055,170 | ---- | M] () -- C:\Users\Daniel\Documents\mc.docx [2011/01/30 15:56:11 | 003,714,713 | ---- | M] () -- C:\Users\Daniel\Documents\4th Amendment.pptx [2011/01/30 12:34:19 | 000,006,144 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/26 07:07:37 | 000,399,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/01/23 17:23:20 | 001,279,079 | ---- | M] () -- C:\Users\Daniel\Documents\ask obama.docx [2011/01/21 15:32:03 | 000,006,874 | ---- | M] () -- C:\Users\Daniel\Documents\test.svg [2011/01/21 15:31:14 | 000,006,894 | ---- | M] () -- C:\Users\Daniel\Documents\Socialist Party USA logo.svg [2011/01/21 14:14:14 | 000,014,228 | ---- | M] () -- C:\Users\Daniel\Documents\social logo.svg [2011/01/20 17:49:46 | 000,026,752 | ---- | M] () -- C:\Users\Daniel\windows.xml [2011/01/20 13:02:37 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk [2011/01/20 12:28:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/01/18 17:10:36 | 000,007,600 | ---- | M] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg [2011/01/10 21:51:38 | 002,379,459 | ---- | M] () -- C:\Users\Daniel\Documents\Refutation of the Collective Unconscious.docx [2011/01/09 12:32:26 | 000,001,306 | ---- | M] () -- C:\Users\Daniel\Documents\Box shadow bug.mht [2011/01/08 17:25:41 | 001,278,857 | ---- | M] () -- C:\Users\Daniel\Documents\hack forums pass.docx [2011/01/08 13:22:11 | 000,016,936 | ---- | M] () -- C:\Users\Daniel\Documents\Latin.docx [2011/01/07 21:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011/01/07 21:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011/01/07 21:27:00 | 000,007,621 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2011/01/03 16:01:30 | 002,829,203 | ---- | M] () -- C:\Users\Daniel\Documents\Programming things to remember.docx [2011/01/03 11:15:51 | 000,000,911 | ---- | M] () -- C:\Users\Daniel\Desktop\Eclipse.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/02/02 00:53:15 | 000,002,611 | ---- | C] () -- C:\Users\Daniel\Desktop\Attach.zip [2011/02/02 00:35:44 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2011/02/01 20:34:05 | 021,960,114 | ---- | C] () -- C:\Users\Daniel\Desktop\Speak.wmv [2011/02/01 20:07:34 | 021,960,114 | ---- | C] () -- C:\Users\Daniel\Documents\Speak.wmv [2011/02/01 16:54:20 | 000,002,769 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel [2011/01/31 20:39:34 | 000,001,182 | ---- | C] () -- C:\Users\Daniel\Documents\V3.png [2011/01/31 06:51:29 | 002,055,170 | ---- | C] () -- C:\Users\Daniel\Documents\mc.docx [2011/01/23 17:23:20 | 001,279,079 | ---- | C] () -- C:\Users\Daniel\Documents\ask obama.docx [2011/01/21 15:36:35 | 000,032,977 | ---- | C] () -- C:\Users\Daniel\Documents\Socialist Party USA logo.png [2011/01/21 15:28:09 | 000,006,874 | ---- | C] () -- C:\Users\Daniel\Documents\test.svg [2011/01/21 15:23:48 | 000,006,894 | ---- | C] () -- C:\Users\Daniel\Documents\Socialist Party USA logo.svg [2011/01/21 13:09:44 | 000,014,228 | ---- | C] () -- C:\Users\Daniel\Documents\social logo.svg [2011/01/20 13:02:37 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk [2011/01/20 11:57:02 | 000,026,752 | ---- | C] () -- C:\Users\Daniel\windows.xml [2011/01/10 21:35:29 | 002,379,459 | ---- | C] () -- C:\Users\Daniel\Documents\Refutation of the Collective Unconscious.docx [2011/01/09 12:32:26 | 000,001,306 | ---- | C] () -- C:\Users\Daniel\Documents\Box shadow bug.mht [2011/01/08 17:25:41 | 001,278,857 | ---- | C] () -- C:\Users\Daniel\Documents\hack forums pass.docx [2011/01/03 11:15:51 | 000,000,911 | ---- | C] () -- C:\Users\Daniel\Desktop\Eclipse.lnk [2010/06/08 18:27:26 | 000,007,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg [2010/03/16 06:32:57 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini [2010/02/17 18:01:24 | 000,006,144 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/11 16:28:22 | 000,889,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007/11/28 06:32:00 | 001,163,264 | ---- | C] () -- C:\Windows\SysWow64\acAuth.dll ========== LOP Check ========== [2010/09/16 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Blender Foundation [2010/12/26 14:33:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dev-Cpp [2011/02/02 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox [2009/12/30 10:23:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Foxit [2010/09/02 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2010/08/24 05:15:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\inkscape [2010/10/06 06:01:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice [2010/12/01 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Notepad++ [2010/01/11 16:29:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\NVD [2010/11/22 18:18:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera [2010/03/19 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Participatory Culture Foundation [2009/12/30 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\smc [2010/02/17 17:48:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftGrid Client [2010/04/24 18:34:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Subversion [2010/02/15 21:22:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TP [2009/12/30 18:41:30 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job [2011/01/22 09:45:58 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > THE RKU LOG IS NOT ACHIEVABLE ON MY SYSTEM. The following error message on attempt to start is: http://img138.imageshack.us/img138/2855/18386850.png
  6. DanielHendrycks
    DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Daniel at 0:36:29.71 on Wed 02/02/2011 Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3994 [GMT -6:00] AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe C:\Program Files (x86)\Wakoopa\Wakoopa.exe C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Users\Daniel\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Opera\opera.exe C:\Program Files (x86)\Adobe\Reader\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader\Reader\AcroRd32.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Users\Daniel\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Daniel\Desktop\dds.com C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.bing.com/ uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361209g106p0335v175r4871s24o uWindow Title = Microsoft Internet Explorer provided by CenturyLink mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361209g106p0335v175r4871s24o BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background uRun: [Wakoopa] C:\Program Files (x86)\Wakoopa\Wakoopa.exe mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ================= FIREFOX =================== FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tyd2e1eq.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader\Reader\browser\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Daniel\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ============= SERVICES / DRIVERS =============== R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-20 135336] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-20 267944] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-1-20 83120] R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-9-23 447848] R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-15 240160] R3 sftfs;sftfs;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys [2009-9-23 712536] R3 sftplay;sftplay;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-9-23 261480] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-9-23 25944] R3 sftvol;sftvol;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys [2009-9-23 17752] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-9-23 203608] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" --> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [?] S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-2-8 12744] S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-8-5 987648] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-23 1255736] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] =============== Created Last 30 ================ 2011-02-02 01:30:43 -------- d-----w- C:\Users\Daniel\AppData\Local\{8F0B5C08-67BC-435C-8D46-1F180FF3BC2C} 2011-02-01 17:19:28 -------- d-----w- C:\Program Files (x86)\Project64 1.6 2011-02-01 16:22:22 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0884DA47-E21F-4E05-8A37-DE465A4E65EB}\mpengine.dll 2011-01-23 03:19:57 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-01-23 03:18:55 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-01-23 03:16:22 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-01-20 20:00:02 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Avira 2011-01-20 19:02:30 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2011-01-20 19:02:29 -------- d-----w- C:\Program Files (x86)\Avira 2011-01-20 19:02:29 -------- d-----w- C:\PROGRA~3\Avira 2011-01-20 17:48:49 -------- d-----w- C:\Users\Daniel\Attack Surface Analyzer 2011-01-18 12:23:40 -------- d-----w- C:\Users\Daniel\AppData\Local\{1DD2A861-EA08-460D-A548-671F2A75A396} 2011-01-13 00:23:07 -------- d-----w- C:\Program Files (x86)\Xiph.Org 2011-01-12 20:28:48 720896 ----a-w- C:\Windows\System32\odbc32.dll 2011-01-12 20:28:47 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2011-01-12 20:28:47 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll 2011-01-12 20:28:47 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2011-01-12 20:28:47 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2011-01-12 20:28:47 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2011-01-12 20:28:47 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2011-01-12 20:28:47 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2011-01-12 20:28:47 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2011-01-12 20:28:47 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2011-01-12 00:20:47 -------- d-----w- C:\Users\Daniel\AppData\Local\{98208CDF-B275-41A9-BD7E-B6E50E2D1A8E} 2011-01-08 02:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll 2011-01-08 02:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll 2011-01-08 02:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll 2011-01-08 02:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll 2011-01-08 02:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe 2011-01-03 17:15:13 -------- d-----w- C:\Program Files\Wascana ==================== Find3M ==================== 2010-12-26 21:31:10 521448 ----a-w- C:\Windows\System32\deployJava1.dll 2010-12-26 20:37:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2010-12-22 21:08:52 173840 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys 2010-12-22 21:08:50 54864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2010-12-22 21:08:50 226448 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2010-12-22 21:08:50 154256 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2010-12-22 21:08:48 318992 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll 2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-11-10 08:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2010-11-10 08:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR 2010-11-09 03:55:57 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl 2010-11-09 03:52:06 2381824 ----a-w- C:\Windows\System32\mshtml.tlb ============= FINISH: 0:36:55.11 =============== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5657 Windows 6.1.7600 Internet Explorer 9.0.7930.16406 2/1/2011 21:36:23 mbam-log-2011-02-01 (21-36-23).txt Scan type: Quick scan Objects scanned: 156184 Time elapsed: 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Files Infected: c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\ISSetup.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Attach.zip
  7. DanielHendrycks
    /* MBAM Log */ Malwarebytes' Anti-Malware 1.42 Database version: 3436 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12/26/2009 9:00:23 PM mbam-log-2009-12-26 (21-00-23).txt Scan type: Quick Scan Objects scanned: 90256 Time elapsed: 2 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) /* DDS Part */ DDS (Ver_10-11-27.01) - NTFS_AMD64 Run by Daniel at 17:27:36.21 on Sun 11/28/2010 Internet Explorer: 9.0.7930.16406 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3635 [GMT -6:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe C:\Program Files (x86)\Wakoopa\Wakoopa.exe C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\AMD\Power Profile Client\PPC.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Opera\Opera.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\LibreOffice 3\program\soffice.exe C:\Program Files (x86)\LibreOffice 3\program\soffice.bin C:\Users\Daniel\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Daniel\AppData\Local\Opera\Opera\temporary_downloads\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.bing.com/ uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361209g106p0335v175r4871s24o uWindow Title = Microsoft Internet Explorer provided by CenturyLink mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361209g106p0335v175r4871s24o BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background uRun: [Wakoopa] C:\Program Files (x86)\Wakoopa\Wakoopa.exe mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [PPC] C:\Program Files (x86)\AMD\Power Profile Client\ppc.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" dRun: [EqCAlppKDp.exe] C:\Windows\TEMP\EqCAlppKDp.exe StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIBREO~1.LNK - C:\Program Files (x86)\LibreOffice 3\program\quickstart.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) /* Attach.zip contains attach.txt and ark.txt */ /* Thanks! */ Attach.zip
  8. DanielHendrycks
    Update: Forgot to say my Anti-Virus is Microsoft Security Essentials, GT500 recommended that to me, along with some others.
  9. DanielHendrycks
    I know using Java as the decoder and player is unheard of, except with with Cortado, but I was willing to take the risk. Come to think of it, I only use Java once in a Black Swan, so I think I'll uninstall it now. (Wish I could do the same for Flash, but HTML5 isn't far enough along, yet.)
  10. DanielHendrycks
    Hulu wasn't in the Search results, like it would if it would have the episode. I am doing some scanning with my AV then MBAM, again, since my browser (Opera ) keeps opening a fraud site, because of the virus. So I reported it to NetCraft and soon all browsers with Phishtank should get a warning. So, in all, I am kinda happy I did it, so others can be notified about it.
  11. DanielHendrycks
    Thank you for taking care of my computer. Yesterday, I was looking for a one minute fragment of Law and Order, and the only ways were to pay for the episode, but I only wanted to see just a minute. So I decided to look for it and there was a video site, but the video player wanted to run Java; I was 90% sure this was a virus, but I took the risk, just in case it was the episode. It was a virus, then I did the scan and it took care of everything, 15 viruses, in fact. Thanks MBAM! (If you want to snip the part about me looking for the fragment, then fine)
  12. DanielHendrycks
    I don't see it in my jun or normal inbox...
  13. DanielHendrycks
    "We'll have a beta out shortly." Awesome
  14. DanielHendrycks
    Awesome, hopefully they'll sent the e-mail in an hour or so
  15. DanielHendrycks
    Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.