NYMan85

Can't run adaware (can't connect to service)


My computer is infected to the point where I can't find just about any malware removal program except for SpyBot. I get the "failed to connect to service" error when trying to run Ad-Aware. I have used Revo to uninstall and reinstall, to no avail. In "Services", the status for this process is blank; when I click "start", I get the error message,

"Windows could not start the Lavasoft Ad-Aware service on Local Computer.

Error 5: Access is denied."

I'm not sure Ad-aware will fix the problem (it was "Guard Online" that I've thoroughly researched; none of the methods have worked in fixing the problems my computer has been having; a general slowness to everything and websites redirecting to other sites) but I would like to have it run. Any suggestions?

Hi NYMan85,

Malware can stop installation of security programs.

Please, to get help with cleaning your computer follow the instructions in the topic [url="http://www.lavasoftsupport.com/index.php?showtopic=30823"]Read This Before You Post![/url] and I will move your topic to the forum [url="http://www.lavasoftsupport.com/index.php?showforum=36"]Help with Stubborn Infections[/url].

[quote name='CeciliaB' post='129958' date='Oct 16 2011, 04:45 AM']Hi NYMan85,

Malware can stop installation of security programs.

Please, to get help with cleaning your computer follow the instructions in the topic [url="http://www.lavasoftsupport.com/index.php?showtopic=30823"]Read This Before You Post![/url] and I will move your topic to the forum [url="http://www.lavasoftsupport.com/index.php?showforum=36"]Help with Stubborn Infections[/url].[/quote]
Thanks for the reply. I ran the OTL program and it did seem like the program ran, but no notepad windows appeared. I tried this twice, saving to both my 'Downloads' folder and 'Desktop' and I cannot find any new notepad files that would contain the information requested.

You are welcome :)

1.
Please, start the computer in 'Safe mode with network'.
The infection has changed the proxy settings. Restore them in the following way:

Control panel - Internet Options - Connections - LAN settings
Click on Advanced
Remove content in such a way that all fields belonging to the header "Servers" are empty.
Click OK
If there is anything in the field Address, remove it.
Uncheck "Use a proxy server..."

If you use Firefox:
Firefox - Tools - Properties - Advanced - Network - Settings
Select "No proxy".

2.
Please, save TDSSKiller on the Desktop (still in 'Safe mode with network'):
[url="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]

Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on [b]Start Scan[/b].

If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

3.
Please, delete the OTL files that you have downloaded.
Now download and run OTL again.

PS.
Note that you are not supposed to run ComboFix without guidance since it is a powerful tool that can destroy Windows if not used in a proper way.
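The proxy check in step 1 can be done without clicking through the dialogs. This is an added example, not code from the thread or from Lavasoft: it audits the WinINET values that Internet Options writes (and the Firefox network.proxy.type pref), flags a proxy that points back at the local machine, and clears the settings on request. The registry key and value names are the ones WinINET uses; the function names are this example's own, and the registry access only runs on Windows.

```python
"""Audit, and optionally clear, the WinINET proxy settings behind
Control Panel -> Internet Options -> Connections -> LAN settings, plus the
Firefox equivalent. Decision logic is kept in pure functions so it can be
exercised on constructed input; only read_wininet_proxy/reset_wininet_proxy
touch the registry and they run on Windows only.
Function names are this example's own (assumption); the registry key and
value names are the ones WinINET uses."""
import re
import sys

# HKCU key that the "Use a proxy server" checkbox and the Servers fields write to
WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
VALUE_NAMES = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")

FIREFOX_PROXY_RE = re.compile(r'user_pref\("network\.proxy\.type",\s*(\d+)\);')


def audit_proxy_values(values):
    """Return findings for a dict of Internet Settings values (name -> data)."""
    findings = []
    if values.get("ProxyEnable", 0) == 1:
        server = str(values.get("ProxyServer", ""))
        # A proxy on the local machine is the classic hijack pattern: every
        # request is handed to a process on the host before it leaves.
        if "127.0.0.1" in server or "localhost" in server.lower():
            findings.append(f"proxy enabled and pointing at the local host: {server}")
        else:
            findings.append(f"proxy enabled: {server or '<no server set>'}")
    pac = values.get("AutoConfigURL")
    if pac:
        # A PAC script can redirect only selected sites, which is how a machine
        # can 'mostly work' while searches and security sites are diverted.
        findings.append(f"automatic configuration script set: {pac}")
    return findings


def firefox_proxy_type(prefs_js_text):
    """Value of network.proxy.type in a Firefox prefs.js, or None if not set.

    0 is 'No proxy' (what the thread asks for), 1 manual, 2 PAC URL, 4 auto-detect,
    5 use system settings (so a hijacked WinINET proxy also affects Firefox)."""
    m = FIREFOX_PROXY_RE.search(prefs_js_text)
    return int(m.group(1)) if m else None


def read_wininet_proxy():
    """Read the live values for the current user (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("WinINET proxy settings exist only on Windows")
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        for name in VALUE_NAMES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent, same as an empty field in the dialog
    return values


def reset_wininet_proxy():
    """Same effect as emptying the Servers fields and unchecking 'Use a proxy server'."""
    if sys.platform != "win32":
        raise RuntimeError("WinINET proxy settings exist only on Windows")
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY, 0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "ProxyEnable", 0, winreg.REG_DWORD, 0)
        for name in ("ProxyServer", "AutoConfigURL"):
            try:
                winreg.DeleteValue(key, name)
            except FileNotFoundError:
                pass


if __name__ == "__main__":
    for line in audit_proxy_values(read_wininet_proxy()) or ["no proxy configured"]:
        print(line)
    if "--reset" in sys.argv:
        reset_wininet_proxy()
        print("proxy cleared; if it comes back after a reboot, the infection is still active")
```

If the proxy re-appears after a reboot, as happened later in this thread, the setting is being re-written by something still running, and clearing it again is not a fix.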

@skybox999:
Your post has been moved to its own separate topic: http://www.lavasoftsupport.com/index.php?/topic/31879-skybox999-splitted-from-other-topic/

Sorry for not replying until now. I was able to do the aforementioned steps. When I rebooted, the "Use a proxy server" was still checked under IE options, but that's probably normal as this PC is infected pretty badly. Here are the following logs:

TDSSKiller.2.6.14.0_30.10.2011_17.57.39_log.txt

17:57:39.0203 1896 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
17:57:39.0343 1896 ============================================================
17:57:39.0343 1896 Current date / time: 2011/10/30 17:57:39.0343
17:57:39.0343 1896 SystemInfo:
17:57:39.0343 1896
17:57:39.0343 1896 OS Version: 6.0.6002 ServicePack: 2.0
17:57:39.0343 1896 Product type: Workstation
17:57:39.0343 1896 ComputerName: MIKE-PC
17:57:39.0343 1896 UserName: mike
17:57:39.0343 1896 Windows directory: C:\Windows
17:57:39.0343 1896 System windows directory: C:\Windows
17:57:39.0343 1896 Processor architecture: Intel x86
17:57:39.0343 1896 Number of processors: 2
17:57:39.0343 1896 Page size: 0x1000
17:57:39.0343 1896 Boot type: Safe boot with network
17:57:39.0343 1896 ============================================================
17:57:40.0607 1896 Initialize success
17:57:41.0964 2284 ============================================================
17:57:41.0964 2284 Scan started
17:57:41.0964 2284 Mode: Manual;
17:57:41.0964 2284 ============================================================
17:57:43.0165 2284 22ced8d6 (704947e61adb812445496fb4660d59f2) C:\Windows\3604532770:3710986025.exe
17:57:43.0165 2284 Suspicious file (Hidden): C:\Windows\3604532770:3710986025.exe. md5: 704947e61adb812445496fb4660d59f2
17:57:43.0165 2284 22ced8d6 ( Rootkit.Win32.PMax.gen ) - infected
17:57:43.0165 2284 22ced8d6 - detected Rootkit.Win32.PMax.gen (0)
17:57:50.0669 2284 tdx (31396184b0e2d25a1f5fb38d88b89353) C:\Windows\system32\DRIVERS\tdx.sys
17:57:50.0669 2284 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 31396184b0e2d25a1f5fb38d88b89353, Fake md5: 76b06eb8a01fc8624d699e7045303e54
17:57:50.0669 2284 tdx ( Rootkit.Win32.ZAccess.j ) - infected
17:57:50.0669 2284 tdx - detected Rootkit.Win32.ZAccess.j (0)
17:57:51.0340 2284 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:57:51.0340 2284 USBSTOR - ok
17:57:51.0371 2284 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:57:51.0371 2284 usbuhci - ok
17:57:51.0402 2284 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:57:51.0418 2284 usbvideo - ok
17:57:51.0449 2284 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:57:51.0449 2284 vga - ok
17:57:51.0496 2284 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:57:51.0496 2284 VgaSave - ok
17:57:51.0511 2284 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:57:51.0511 2284 viaagp - ok
17:57:51.0543 2284 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:57:51.0543 2284 ViaC7 - ok
17:57:51.0558 2284 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:57:51.0558 2284 viaide - ok
17:57:51.0605 2284 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:57:51.0605 2284 volmgr - ok
17:57:51.0636 2284 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:57:51.0636 2284 volmgrx - ok
17:57:51.0667 2284 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:57:51.0667 2284 volsnap - ok
17:57:51.0699 2284 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:57:51.0714 2284 vsmraid - ok
17:57:51.0745 2284 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:57:51.0745 2284 WacomPen - ok
17:57:51.0777 2284 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:51.0777 2284 Wanarp - ok
17:57:51.0777 2284 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:51.0792 2284 Wanarpv6 - ok
17:57:51.0808 2284 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:57:51.0808 2284 Wd - ok
17:57:51.0823 2284 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:57:51.0839 2284 Wdf01000 - ok
17:57:51.0901 2284 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
17:57:51.0901 2284 WmiAcpi - ok
17:57:51.0979 2284 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:57:51.0979 2284 WpdUsb - ok
17:57:51.0995 2284 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:57:51.0995 2284 ws2ifsl - ok
17:57:52.0057 2284 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:57:52.0073 2284 WUDFRd - ok
17:57:52.0104 2284 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:57:52.0120 2284 \Device\Harddisk0\DR0 - ok
17:57:52.0120 2284 Boot (0x1200) (77699da548a86b7872752bd0aeb85be0) \Device\Harddisk0\DR0\Partition0
17:57:52.0120 2284 \Device\Harddisk0\DR0\Partition0 - ok
17:57:52.0120 2284 ============================================================
17:57:52.0120 2284 Scan finished
17:57:52.0120 2284 ============================================================
17:57:52.0135 4200 Detected object count: 2
17:57:52.0135 4200 Actual detected object count: 2
17:58:43.0631 4200 22ced8d6 ( Rootkit.Win32.PMax.gen ) - skipped by user
17:58:43.0631 4200 22ced8d6 ( Rootkit.Win32.PMax.gen ) - User select action: Skip
17:58:43.0865 4200 Backup copy found, using it..
17:58:43.0881 4200 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
17:58:43.0881 4200 tdx ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
17:59:26.0859 3232 Deinitialize success
OTL.txt

OTL logfile created on: 10/30/2011 6:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 68.91% Memory free
5.94 Gb Paging File | 5.13 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.38 Gb Total Space | 216.53 Gb Free Space | 74.82% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe ()
PRC - C:\Users\mike\AppData\Roaming\Microsoft\8488\6AB.exe ()
PRC - C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe ()
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe ()
MOD - C:\Users\mike\AppData\Roaming\Microsoft\8488\6AB.exe ()
MOD - C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z030&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58202
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/14 22:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 12:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/14 22:09:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\mike\AppData\Roaming\5031 [2011/10/09 11:53:39 | 000,000,000 | ---D | M]

[2011/06/11 21:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2011/10/15 20:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 11:56:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/15 20:05:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/09 11:53:39 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MIKE\APPDATA\ROAMING\5031
[2011/06/12 22:26:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/22 12:18:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/22 12:18:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [6AB.exe] C:\Program Files\LP\3D78\6AB.exe ()
O4 - HKCU..\Run: [6AB.exe] C:\Users\mike\AppData\Roaming\Microsoft\8488\6AB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnceEx: [] File not found
F3 - HKCU WinNT: Load - (C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe) -C:\Users\mike\AppData\Roaming\7FADC\lvvm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F46427-CBEE-4F58-A62C-1173D0C3809B}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe) -C:\Users\mike\AppData\Roaming\8BC7F\CE584.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 17:57:19 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\tdsskiller
[2011/10/30 17:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/10/21 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\ElevatedDiagnostics
[2011/10/21 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\HpUpdate
[2011/10/21 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/10/15 23:09:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/15 23:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/15 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\VS Revo Group
[2011/10/15 22:52:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/10/15 22:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/10/15 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/15 22:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/15 20:58:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/15 20:38:16 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Sunbelt Software
[2011/10/15 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/15 20:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/15 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/15 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/15 20:05:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/15 20:05:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/15 20:05:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/15 19:53:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/15 19:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\7FADC
[2011/10/15 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\haaQQH6ssW7fE9g
[2011/10/15 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\AxA0ucS2iDpG
[2011/10/15 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/10/15 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/15 19:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/15 19:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/15 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/15 19:20:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/15 19:20:47 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/15 19:20:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/15 19:20:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/15 19:20:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/15 19:20:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/15 19:20:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/15 19:20:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/15 19:20:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/15 19:20:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/15 19:20:44 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/15 19:20:44 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/15 19:20:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/15 19:20:44 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/15 19:20:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/15 19:20:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/15 19:20:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/15 19:20:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/15 19:20:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/15 19:20:43 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/15 19:20:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/15 19:20:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/15 19:20:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/15 19:20:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/15 19:20:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/15 19:20:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/15 19:20:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/15 19:20:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/15 19:20:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/15 19:20:41 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/15 19:20:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/15 19:20:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/15 19:20:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/15 19:20:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/15 19:20:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/15 19:20:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/15 19:20:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/15 19:14:33 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\kZqqhhYXwkU
[2011/10/15 19:14:31 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\mLLL9hhTXq
[2011/10/15 19:07:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/15 19:06:21 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes
[2011/10/15 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/15 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\yLLL99gTXqj
[2011/10/15 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\WOONNyxA0
[2011/10/15 17:55:16 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\KhhhYXXwkUVlOtz
[2011/10/15 17:55:16 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\i0yyccA1iv
[2011/10/14 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\PHH66dWWK7f
[2011/10/14 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\iL99ggTXqjYCkIr
[2011/10/14 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\RLLL88gRZqhYwk
[2011/10/14 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\icSS11ivD3on4aH
[2011/10/13 09:47:27 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\ykkkUVVelOBzPy
[2011/10/13 09:47:27 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\rAAA1iivD2on4pH
[2011/10/13 09:13:48 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\QA00uuvS2ibF3n
[2011/10/13 09:13:48 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\CXXqqjUUCeIBrON
[2011/10/12 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\pXXXwjjUCelI
[2011/10/12 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\dzzzPPNyxA1uS2b
[2011/10/12 18:22:20 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 18:22:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/12 18:22:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 18:22:09 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 18:22:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 18:22:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 18:22:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 18:15:01 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\IIBBrrzONyxAuvi
[2011/10/12 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\rK88ffRL9hTXjUe
[2011/10/12 08:09:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Q4ppmmG5sQJ6dK
[2011/10/12 08:09:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\nffRRZ9hTXwjUeI
[2011/10/11 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\CgggRZZqhYXkUVl
[2011/10/11 12:58:40 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\o5sssWJ7dEL
[2011/10/11 12:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2011/10/11 12:51:22 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\7FADC
[2011/10/11 12:50:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\rpmmGG5aQJ6dK8R
[2011/10/11 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\FvvDD2obbFpmGsJ
[2011/10/11 12:50:34 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\8BC7F
[2011/10/10 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\CIIIVVrlONtx0uS
[2011/10/10 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\c66ssWKK7fE9gZj
[2011/10/09 11:53:43 | 000,277,456 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\mike\AppData\Roaming\AcroIEHelpe.dll
[2011/10/09 11:53:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\5031
[2011/10/09 11:53:03 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\xmldm
[2011/10/09 11:53:03 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\kock
[2011/10/09 11:52:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/09 11:42:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\hnnGG5aaQ
[2011/10/09 11:42:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\bdWWWK7fRL9gTq
[2011/10/09 11:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\U888fRRZ9hTXjUe
[2011/10/09 11:40:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\sBBBrzzPNyxAuv
[2011/10/09 10:02:55 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\LdddEL8gRZq
[2011/10/09 10:02:54 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\SffEL8ggZqYCrOt
[2011/10/08 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\xbFF33pmG5a
[2011/10/08 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\uBBBrzzPNyxAuv2
[2011/10/08 17:46:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\skIIVVrlONtx0uS
[2011/10/08 17:46:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\faaamHH6sWJ7ELg
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\mike\AppData\Roaming\*.tmp files -> C:\Users\mike\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/10/30 18:00:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 18:00:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 18:00:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/10/30 18:00:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 18:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 17:59:59 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 17:56:58 | 001,545,436 | ---- | M] () -- C:\Users\mike\Desktop\tdsskiller.zip
[2011/10/30 17:51:20 | 000,000,000 | ---- | M] () -- C:\Windows\3604532770
[2011/10/30 15:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 22:45:23 | 000,014,657 | ---- | M] () -- C:\Users\mike\Documents\cover letter.odt
[2011/10/27 21:04:17 | 000,000,000 | ---- | M] () -- C:\Users\mike\AppData\Local\{86123BD8-22D7-4E14-8D5F-CDBAAD5E9BD7}
[2011/10/25 23:11:50 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/25 23:11:50 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/20 15:44:53 | 000,616,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/20 15:44:53 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/18 16:09:28 | 000,015,927 | ---- | M] () -- C:\Users\mike\Documents\Copy%20letter%20Mike's.odt_0.odt
[2011/10/18 12:36:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/10/18 12:35:19 | 000,175,104 | ---- | M] () -- C:\Users\mike\AppData\Roaming\firefox.exe
[2011/10/17 22:22:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/10/16 18:01:04 | 000,584,192 | ---- | M] () -- C:\Users\mike\Desktop\OTL.exe
[2011/10/15 23:09:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/15 22:52:54 | 000,001,100 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/10/15 22:52:54 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/10/15 22:22:44 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/15 20:58:27 | 278,915,019 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/15 20:14:43 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/10/15 20:09:57 | 000,000,954 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/15 20:04:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/15 20:04:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/15 19:50:49 | 000,282,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/15 19:24:17 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2011/10/15 19:22:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/10/15 19:20:48 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/15 19:20:47 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/15 19:20:47 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/15 19:20:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/15 19:20:46 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/15 19:20:46 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/15 19:20:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/15 19:20:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/15 19:20:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/15 19:20:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/15 19:20:44 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/15 19:20:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/15 19:20:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/15 19:20:44 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/15 19:20:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/15 19:20:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/15 19:20:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/15 19:20:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/15 19:20:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/15 19:20:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/15 19:20:43 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/15 19:20:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/15 19:20:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/15 19:20:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/15 19:20:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/15 19:20:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/15 19:20:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/15 19:20:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/15 19:20:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/15 19:20:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/15 19:20:41 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/15 19:20:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/15 19:20:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/15 19:20:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/15 19:20:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/15 19:20:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/15 19:20:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/15 19:20:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/15 17:57:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/10/12 08:34:09 | 000,027,136 | ---- | M] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 09:36:43 | 000,000,108 | -H-- | M] () -- C:\Users\mike\Documents\.~lock.Copy letter Mike's.odt#
[2011/10/10 09:36:26 | 000,000,108 | -H-- | M] () -- C:\Users\mike\Documents\.~lock.mikerubeoresume.odt#
[2011/10/10 09:36:12 | 000,014,054 | ---- | M] () -- C:\Users\mike\Documents\Copy letter Mike's.odt
[2011/10/10 09:30:01 | 000,016,153 | ---- | M] () -- C:\Users\mike\Documents\mikerubeoresume.odt
[2011/10/09 11:53:43 | 000,277,456 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\mike\AppData\Roaming\AcroIEHelpe.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\mike\AppData\Roaming\*.tmp files -> C:\Users\mike\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/10/30 17:59:59 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/30 17:56:52 | 001,545,436 | ---- | C] () -- C:\Users\mike\Desktop\tdsskiller.zip
[2011/10/27 21:04:17 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\{86123BD8-22D7-4E14-8D5F-CDBAAD5E9BD7}
[2011/10/18 12:35:37 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/10/17 22:21:44 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/10/17 22:06:58 | 000,175,104 | ---- | C] () -- C:\Users\mike\AppData\Roaming\firefox.exe
[2011/10/16 18:01:04 | 000,584,192 | ---- | C] () -- C:\Users\mike\Desktop\OTL.exe
[2011/10/15 23:09:12 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/15 22:52:54 | 000,001,100 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/10/15 22:52:54 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/10/15 20:58:27 | 278,915,019 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/15 20:13:05 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/10/15 20:13:05 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/10/15 19:24:17 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2011/10/15 19:22:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/10/15 19:20:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/15 17:56:48 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/10/11 12:53:56 | 000,015,927 | ---- | C] () -- C:\Users\mike\Documents\Copy%20letter%20Mike's.odt_0.odt
[2011/10/10 09:36:43 | 000,000,108 | -H-- | C] () -- C:\Users\mike\Documents\.~lock.Copy letter Mike's.odt#
[2011/10/10 09:36:26 | 000,000,108 | -H-- | C] () -- C:\Users\mike\Documents\.~lock.mikerubeoresume.odt#
[2011/10/10 09:36:11 | 000,014,054 | ---- | C] () -- C:\Users\mike\Documents\Copy letter Mike's.odt
[2011/10/09 10:01:06 | 000,000,000 | ---- | C] () -- C:\Windows\3604532770
[2011/06/19 11:04:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/19 11:04:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/14 22:22:50 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011/06/14 22:02:36 | 000,207,620 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/06/14 22:02:36 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011/06/13 16:12:52 | 000,027,136 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/12 18:32:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 18:32:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/12 00:09:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/11 12:22:31 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/06/11 12:22:30 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2011/06/11 12:22:05 | 000,000,680 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps.dat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/08/18 14:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 14:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 14:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 14:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 14:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 14:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 14:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/18 13:51:31 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,282,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,616,954 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,394 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\System32\KodakOneTouch.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011/10/09 11:53:39 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\5031
[2011/10/29 13:54:37 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\7FADC
[2011/10/26 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\8BC7F
[2011/10/15 19:40:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\AxA0ucS2iDpG
[2011/10/09 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\bdWWWK7fRL9gTq
[2011/10/10 09:22:34 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\c66ssWKK7fE9gZj
[2011/10/11 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CgggRZZqhYXkUVl
[2011/10/11 07:49:44 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CIIIVVrlONtx0uS
[2011/10/13 09:13:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CXXqqjUUCeIBrON
[2011/10/12 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\dzzzPPNyxA1uS2b
[2011/10/08 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\faaamHH6sWJ7ELg
[2011/10/11 12:50:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\FvvDD2obbFpmGsJ
[2011/10/15 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\haaQQH6ssW7fE9g
[2011/10/09 11:42:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\hnnGG5aaQ
[2011/10/15 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\i0yyccA1iv
[2011/10/14 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\icSS11ivD3on4aH
[2011/10/12 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\IIBBrrzONyxAuvi
[2011/10/14 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\iL99ggTXqjYCkIr
[2011/10/15 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\KhhhYXXwkUVlOtz
[2011/10/09 11:53:03 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\kock
[2011/10/15 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\kZqqhhYXwkU
[2011/10/09 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\LdddEL8gRZq
[2011/10/15 19:14:31 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mLLL9hhTXq
[2011/10/12 08:19:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\nffRRZ9hTXwjUeI
[2011/10/11 12:58:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\o5sssWJ7dEL
[2011/06/15 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\OpenOffice.org
[2011/10/14 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PHH66dWWK7f
[2011/10/12 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\pXXXwjjUCelI
[2011/10/12 08:09:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Q4ppmmG5sQJ6dK
[2011/10/13 09:23:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\QA00uuvS2ibF3n
[2011/10/13 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rAAA1iivD2on4pH
[2011/10/12 18:15:00 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rK88ffRL9hTXjUe
[2011/10/14 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\RLLL88gRZqhYwk
[2011/10/11 12:55:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rpmmGG5aQJ6dK8R
[2011/10/09 11:40:56 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\sBBBrzzPNyxAuv
[2011/10/09 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SffEL8ggZqYCrOt
[2011/10/08 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\skIIVVrlONtx0uS
[2011/10/09 11:40:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\U888fRRZ9hTXjUe
[2011/10/08 17:46:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\uBBBrzzPNyxAuv2
[2011/07/31 12:42:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WildTangent
[2011/06/11 20:50:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WinBatch
[2011/10/15 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WOONNyxA0
[2011/10/08 17:46:39 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\xbFF33pmG5a
[2011/10/30 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\xmldm
[2011/10/13 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ykkkUVVelOBzPy
[2011/10/15 18:48:35 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\yLLL99gTXqj
[2011/10/15 17:57:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/10/17 22:22:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/10/18 12:36:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/10/30 17:49:44 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 784 bytes -> C:\Windows\3604532770:3710986025.exe
< End of report >

Extras.txt

OTL Extras logfile created on: 10/30/2011 6:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mike\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 68.91% Memory free
5.94 Gb Paging File | 5.13 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.38 Gb Total Space | 216.53 Gb Free Space | 74.82% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-214129433-4023598644-1636040247-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16378781-A5FA-4D51-B0F0-8E86F927FF05}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F598C07-E1B8-48B0-BB11-0A8EA71C4275}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{355AA2A2-0A28-4F47-8F17-4E0F4C3CA93E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AAA76E1-7A22-46D2-A2B7-91699788458E}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C3B7615-B0FE-47DB-83DE-AED00DCC1760}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45D4986F-826A-42FF-83FC-507CFB25A8FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4BBAB822-D3A4-4CA2-9E97-43FF1F6A5B17}" = rport=139 | protocol=6 | dir=out | app=system |
"{4CBD68E8-4DE0-421F-A40E-3654D046F236}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E5BA67D-E703-4578-AC39-CDCABDEBA24F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51E1C697-1CE2-4E0C-923B-EDF8D04D7297}" = lport=445 | protocol=6 | dir=in | app=system |
"{68AA63C1-6DC6-4D09-BD69-201D156B50B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F40962F-34A4-4C95-9583-7B744847624C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{74DA3609-70B6-485A-99FF-4207A318F85D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76500A5E-E74D-483A-B8A9-796D8050286D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE55841E-137E-4853-9920-B874CD2A6680}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C4A0ADE1-C3AA-4571-886A-79F66F998884}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C656C11B-16BC-453D-90C1-2AE7AF5FEDE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{D05FA6E1-074B-4C3B-823F-DB5F4A84B69B}" = lport=139 | protocol=6 | dir=in | app=system |
"{FC84C21E-2B8B-4D06-A44E-57CD0D67CDDC}" = lport=137 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0121BE83-4FC2-44EE-810B-A7D8725E599A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{043C18A2-1D7E-439D-827E-426B6D72F506}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{0C07C467-AEFC-4E9B-A9EF-26304C8BD0D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{2077F725-6B5C-485F-8767-470784AD5C55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{24D86F49-6972-4955-8CF4-0F400A723B18}" = dir=in | app=c:\users\mike\appdata\local\temp\hp\oj4500vg510n-z_full_13_en\setup\hpznui01.exe |
"{2C221A1D-AAAC-49C6-99CB-984F07A66A35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{40B3E3A0-83A3-4FF4-BCE7-758D76418841}" = protocol=58 | dir=out | [email protected],-28546 |
"{460A5DF3-9181-47C1-A9E7-14BAF01022EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4F368C51-A250-423F-963F-C6ACD7D04568}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5D7B94FD-DC80-44CB-88E9-6023D862ED18}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{6842FF82-6818-4B23-BC9F-15709C16F853}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{774E62BE-4A3F-4FEF-AD69-E57546DF2930}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{7DA1A3D7-4D94-4823-80EE-272A11CDF435}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{842A269D-CFAF-4581-BE19-2F9C97F7D6E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A3FFAFD3-3227-429F-A249-82AA1AC21FC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B12B5470-D284-4696-BC79-D181A723B475}" = protocol=58 | dir=in | [email protected],-28545 |
"{B95AFA26-CB69-4688-808C-ACDA35012248}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{BE31FD9B-9F71-4418-B432-F11945043475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{C43FF2DE-B94B-4C3D-980F-C6DFD83E086D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CB53D053-C674-4A04-AD2B-90B3E1FBEE89}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{CDD042D9-8892-48F5-B4AA-ECF6DD7BFCAF}" = protocol=1 | dir=in | [email protected],-28543 |
"{DBA704B0-C064-4831-8755-3632F3900600}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{EB5FCBA7-99BD-47DF-BB41-6DDEB93223ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB64BD3E-CC24-4CC8-A311-B43ECE53AA87}" = protocol=1 | dir=out | [email protected],-28544 |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41773726-92D0-4265-A0F8-DD980CA1AEC4}" = TOSHIBA Upgrade Assistant
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Picasa2" = Picasa 2
"QuickTime" = QuickTime
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Yahoo! Companion" = Yahoo! Toolbar

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2011 9:15:27 AM | Computer Name = mike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2011 10:38:38 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2011 1:55:22 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 2:27:48 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 2:45:23 PM | Computer Name = mike-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 5:51:46 PM | Computer Name = mike-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 7/15/2011 1:41:50 PM | Computer Name = mike-PC | Source = DCOM | ID = 10010
Description =

Error - 7/17/2011 3:45:50 PM | Computer Name = mike-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00225FFB8F50 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/18/2011 1:47:10 PM | Computer Name = mike-PC | Source = DCOM | ID = 10010
Description =

Error - 7/20/2011 8:15:51 AM | Computer Name = mike-PC | Source = DCOM | ID = 10010
Description =

Error - 7/20/2011 5:47:50 PM | Computer Name = mike-PC | Source = HTTP | ID = 15016
Description =

Error - 7/20/2011 5:49:53 PM | Computer Name = mike-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:29 PM on 7/20/2011 was unexpected.

Error - 7/20/2011 5:49:57 PM | Computer Name = mike-PC | Source = HTTP | ID = 15016
Description =

Error - 7/27/2011 8:26:06 AM | Computer Name = mike-PC | Source = HTTP | ID = 15016
Description =

Error - 7/27/2011 11:28:02 AM | Computer Name = mike-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/27/2011 11:28:06 AM | Computer Name = mike-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Yes, a lot of malicious files there and they have been there at least since the 8th of October. Maybe you should install Windows instead.

Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

Here are the contents of the ComboFix log:

ComboFix 11-11-12.04 - mike 11/12/2011 18:44:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.2041 [GMT -5:00]
Running from: c:\users\mike\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\8488
c:\program files\Internet Explorer\8488\6AB.exe
c:\program files\Internet Explorer\lvvm.exe
c:\program files\LP
c:\program files\LP\3D78\6AB.exe
c:\program files\LP\776C\E33.exe
c:\program files\LP\8488\24ED.tmp
c:\program files\LP\8488\6AB.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\mike\AppData\Roaming\AcROiehelpe.dll
c:\users\mike\AppData\Roaming\AcroIEHelpe.txt
c:\users\mike\AppData\Roaming\firefox.exe
c:\users\mike\AppData\Roaming\haaQQH6ssW7fE9g
c:\users\mike\AppData\Roaming\haaQQH6ssW7fE9g\Guard Online .ico
c:\users\mike\AppData\Roaming\java.exe
c:\users\mike\AppData\Roaming\Microsoft\3D78\6AB.exe
c:\users\mike\AppData\Roaming\Microsoft\776C\E33.exe
c:\users\mike\AppData\Roaming\Microsoft\B940.tmp
c:\users\mike\AppData\Roaming\srvblck2.tmp
c:\windows\$NtUninstallKB1511$
c:\windows\$NtUninstallKB1511$\1808343062
c:\windows\$NtUninstallKB1511$\583981270\@
c:\windows\$NtUninstallKB1511$\583981270\bckfg.tmp
c:\windows\$NtUninstallKB1511$\583981270\cfg.ini
c:\windows\$NtUninstallKB1511$\583981270\Desktop.ini
c:\windows\$NtUninstallKB1511$\583981270\keywords
c:\windows\$NtUninstallKB1511$\583981270\kwrd.dll
c:\windows\$NtUninstallKB1511$\583981270\L\qnbwvoto
c:\windows\$NtUninstallKB1511$\583981270\lsflt7.ver
c:\windows\$NtUninstallKB1511$\583981270\U\[email protected]
c:\windows\$NtUninstallKB1511$\583981270\U\[email protected]
c:\windows\$NtUninstallKB1511$\583981270\U\[email protected]
c:\windows\$NtUninstallKB1511$\583981270\U\[email protected]
c:\windows\$NtUninstallKB1511$\583981270\U\[email protected]
c:\windows\$NtUninstallKB1511$\583981270\U\[email protected]
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_22ced8d6
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-12 23:55 . 2011-11-12 23:56 -------- d-----w- c:\users\mike\AppData\Local\temp
2011-11-12 23:55 . 2011-11-12 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 17:36 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 17:36 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 17:36 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-04 15:58 . 2011-11-04 15:58 100352 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\776C\46B5.tmp
2011-11-04 15:58 . 2011-11-12 22:12 -------- d-----w- c:\users\mike\AppData\Roaming\6ABCE
2011-11-04 15:57 . 2011-11-12 22:12 -------- d-----w- c:\users\mike\AppData\Roaming\C2D6A
2011-10-27 13:11 . 2011-10-27 13:11 145 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\gb_91276.bat
2011-10-23 13:34 . 2011-10-23 13:34 283136 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\1143.exe
2011-10-23 11:32 . 2011-10-23 11:32 283136 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\2D28.exe
2011-10-23 09:29 . 2011-10-23 09:29 282112 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\4B3F.exe
2011-10-23 07:27 . 2011-10-23 07:27 283136 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\6773.exe
2011-10-23 05:25 . 2011-10-23 05:25 280576 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\84A0.exe
2011-10-23 03:23 . 2011-10-23 03:23 280576 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\9FF9.exe
2011-10-21 18:22 . 2011-10-21 18:22 -------- d-----w- c:\users\mike\AppData\Local\ElevatedDiagnostics
2011-10-21 17:59 . 2011-10-21 18:00 -------- d-----w- c:\users\mike\AppData\Roaming\HpUpdate
2011-10-21 17:59 . 2011-10-21 17:59 -------- d-----w- c:\windows\Hewlett-Packard
2011-10-18 18:47 . 2011-10-18 18:47 103936 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\FEF6.tmp
2011-10-16 03:09 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-16 02:52 . 2011-10-16 02:52 -------- d-----w- c:\users\mike\AppData\Local\VS Revo Group
2011-10-16 02:52 . 2009-12-30 15:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-16 02:52 . 2011-10-16 02:52 -------- d-----w- c:\program files\VS Revo Group
2011-10-16 02:35 . 2011-10-16 03:08 -------- d-----w- c:\program files\Lavasoft
2011-10-16 00:38 . 2011-10-16 00:38 -------- d-----w- c:\users\mike\AppData\Local\Sunbelt Software
2011-10-16 00:18 . 2011-10-16 00:18 -------- d-----w- c:\program files\Common Files\iS3
2011-10-16 00:18 . 2011-10-16 01:11 -------- d-----w- c:\programdata\STOPzilla!
2011-10-16 00:12 . 2011-10-16 00:13 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-15 23:43 . 2011-10-15 23:44 -------- d-----w- c:\program files\7FADC
2011-10-15 23:40 . 2011-10-15 23:40 -------- d-----w- c:\users\mike\AppData\Roaming\AxA0ucS2iDpG
2011-10-15 23:30 . 2011-10-15 23:30 -------- d-----w- c:\programdata\Hitman Pro
2011-10-15 23:29 . 2011-10-15 23:29 -------- d-----w- c:\users\mike\AppData\Roaming\SUPERAntiSpyware.com
2011-10-15 23:28 . 2011-10-16 01:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-15 23:28 . 2011-10-15 23:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-15 23:22 . 2011-10-15 23:22 -------- d-----w- c:\program files\Synaptics
2011-10-15 23:14 . 2011-10-15 23:19 -------- d-----w- c:\users\mike\AppData\Roaming\kZqqhhYXwkU
2011-10-15 23:14 . 2011-10-15 23:14 -------- d-----w- c:\users\mike\AppData\Roaming\mLLL9hhTXq
2011-10-15 23:07 . 2011-10-16 02:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-15 23:06 . 2011-10-15 23:06 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2011-10-15 23:06 . 2011-10-15 23:06 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 22:43 . 2011-10-15 22:48 -------- d-----w- c:\users\mike\AppData\Roaming\yLLL99gTXqj
2011-10-15 22:43 . 2011-10-15 22:43 -------- d-----w- c:\users\mike\AppData\Roaming\WOONNyxA0
2011-10-15 21:55 . 2011-10-15 22:01 -------- d-----w- c:\users\mike\AppData\Roaming\i0yyccA1iv
2011-10-15 21:55 . 2011-10-15 21:55 -------- d-----w- c:\users\mike\AppData\Roaming\KhhhYXXwkUVlOtz
2011-10-14 17:50 . 2011-10-14 17:55 -------- d-----w- c:\users\mike\AppData\Roaming\iL99ggTXqjYCkIr
2011-10-14 17:50 . 2011-10-14 17:50 -------- d-----w- c:\users\mike\AppData\Roaming\PHH66dWWK7f
2011-10-14 17:42 . 2011-10-14 17:47 -------- d-----w- c:\users\mike\AppData\Roaming\RLLL88gRZqhYwk
2011-10-14 17:42 . 2011-10-14 17:42 -------- d-----w- c:\users\mike\AppData\Roaming\icSS11ivD3on4aH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 15:57 . 2011-10-11 16:49 285696 ----a-w- c:\users\mike\AppData\Roaming\Microsoft\8488\6AB.exe
2011-10-30 21:59 . 2011-06-12 22:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-09-06 13:30 . 2011-10-12 22:22 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15 . 2011-10-12 22:22 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 22:22 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-12 22:22 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-12 22:22 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-22 16:18 . 2011-06-12 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-11 16:55 . 2011-10-11 16:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-10-11 30192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
B1.bat [2008-8-21 140]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Splash.lnk - c:\windows\System32\sysprep\splash.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-06-19 14:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-06-12 00:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-214129433-4023598644-1636040247-1000]
"EnableNotificationsRef"=dword:00000004
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-23 2151640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-10-11 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 02:01]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:58283
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\zzbttbx6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58283
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-6AB.exe - c:\users\mike\AppData\Roaming\Microsoft\3D78\6AB.exe
HKCU-Run-E33.exe - c:\users\mike\AppData\Roaming\Microsoft\776C\E33.exe
HKLM-Run-6AB.exe - c:\program files\LP\3D78\6AB.exe
HKLM-Run-E33.exe - c:\program files\LP\776C\E33.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-08950020.sys
MSConfigStartUp-6AB - c:\program files\Internet Explorer\8488\6AB.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-xEEEL88gTZhYCkV8234A - c:\windows\system32\RccSS1iib3onGaH.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2011-11-12 18:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\3604532770:3710986025.exe 784 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-12 19:01:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 00:01
.
Pre-Run: 231,206,158,336 bytes free
Post-Run: 231,030,071,296 bytes free
.
- - End Of File - - 393DBD6FAACB1FD8FF5BFB32B1B77D8F

1.
You should not use your computer for anything other than cleaning. More malicious files were created on the computer on November 4th and 9th. It should also be disconnected from the internet whenever possible.

2.
The infection has changed the proxy settings. Restore them in the following way:

Control panel - Internet Options - Connections - LAN settings
Click on Advanced
Remove the content so that all fields under the header "Servers" are empty.
Click OK
If there is anything in the Address field, remove it.
Uncheck "Use a proxy server..."

Firefox - Tools - Properties - Advanced - Network - Settings
Select "No proxy".

3.
Save TDSSKiller on the Desktop, please:
[url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]

Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on [b]Start Scan[/b].

If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available, select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log, which is located in the folder C:\ with the name TDSSKiller followed by version and time.

4.
Restart the computer.
Run ComboFix in the same way as last time and post that log, too.

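The proxy hijack the helper describes in step 2 shows up in the ComboFix "Supplementary Scan" lines above (IE ProxyServer and Firefox network.proxy.* both pointed at 127.0.0.1:58283). The following is an added example, not code from the thread or from ComboFix/Lavasoft: it parses those log lines and a Firefox prefs.js and flags any manual proxy that points at the local machine, which is what the cleanup steps then undo by hand. The sample log and prefs.js lines are constructed from the values in the log above.

```python
"""Flag a browser proxy hijack of the kind seen in the ComboFix log above.

Added example (not from the thread or from ComboFix/Lavasoft). It reads the
'Supplementary Scan' lines ComboFix prints and Firefox's prefs.js, and reports
any manual proxy that points at loopback. A legitimate local filtering proxy
would also be reported, so treat a hit as something to review, not auto-fix.
"""
import re
from ipaddress import ip_address

# Constructed sample input: the relevant lines from the ComboFix log above.
SAMPLE_COMBOFIX = """\
uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP
uInternet Settings,ProxyServer = http=127.0.0.1:58283
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58283
FF - prefs.js: network.proxy.type - 1
"""

# Constructed sample prefs.js carrying the same settings as the log.
SAMPLE_PREFS_JS = """\
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 58283);
user_pref("network.proxy.type", 1);
"""


def is_loopback(host):
    """True for 127.x.x.x / ::1 / 'localhost'; False for anything else."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_combofix_proxy(text):
    """Return {'ie': (host, port) or None, 'ff': {pref: value}} from log lines."""
    ie = None
    ff = {}
    for line in text.splitlines():
        m = re.search(r"uInternet Settings,ProxyServer = (?:http=)?([^:\s]+):(\d+)", line)
        if m:
            ie = (m.group(1), int(m.group(2)))
        m = re.search(r"FF - prefs\.js: (network\.proxy\.\S+) - (\S+)", line)
        if m:
            ff[m.group(1)] = m.group(2)
    return {"ie": ie, "ff": ff}


def parse_prefs_js(text):
    """Extract network.proxy.* user_pref() entries (quoted or numeric values)."""
    prefs = {}
    for m in re.finditer(r'user_pref\("(network\.proxy\.[^"]+)",\s*"?([^")]*)"?\)', text):
        prefs[m.group(1)] = m.group(2)
    return prefs


def firefox_findings(prefs):
    """network.proxy.type 1 is 'manual proxy configuration'; flag it if loopback."""
    findings = []
    if prefs.get("network.proxy.type") == "1":
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", "")
        if host and is_loopback(host):
            findings.append(f"Firefox manual proxy to loopback {host}:{port}")
    return findings


def ie_findings(ie):
    if ie and is_loopback(ie[0]):
        return [f"IE proxy to loopback {ie[0]}:{ie[1]}"]
    return []


def audit(combofix_text, prefs_text=""):
    """Combine findings from the ComboFix log and, optionally, a prefs.js file."""
    parsed = parse_combofix_proxy(combofix_text)
    findings = ie_findings(parsed["ie"]) + firefox_findings(parsed["ff"])
    if prefs_text:
        findings += [f"prefs.js: {f}" for f in firefox_findings(parse_prefs_js(prefs_text))]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_COMBOFIX, SAMPLE_PREFS_JS):
        print(finding)
```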
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
