12 replies to this topic

[OdiousMortem]

Hi, windows update is broken and google redirects.

Attached Files

•  Attach.txt   5.8K   3 downloads
•  DDS.txt   10.68K   9 downloads

[Maniac]

Hello OdiousMortem! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
• Click the Start Scan button.
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, please include:

• TDSSKiller log
  
• OTL.Txt and Extras.Txt

[OdiousMortem]

Hi Maniac, thank you for taking the time to help me.
Here are the logs.

23:01:32.0468 3684 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
23:01:32.0828 3684 ============================================================
23:01:32.0828 3684 Current date / time: 2012/01/18 23:01:32.0828
23:01:32.0828 3684 SystemInfo:
23:01:32.0828 3684
23:01:32.0828 3684 OS Version: 6.0.6001 ServicePack: 1.0
23:01:32.0828 3684 Product type: Workstation
23:01:32.0828 3684 ComputerName: BEN-PC
23:01:32.0829 3684 UserName: Ben
23:01:32.0829 3684 Windows directory: C:\Windows
23:01:32.0829 3684 System windows directory: C:\Windows
23:01:32.0829 3684 Processor architecture: Intel x86
23:01:32.0829 3684 Number of processors: 2
23:01:32.0829 3684 Page size: 0x1000
23:01:32.0829 3684 Boot type: Normal boot
23:01:32.0829 3684 ============================================================
23:01:33.0424 3684 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:01:33.0503 3684 Initialize success
23:01:35.0967 3904 ============================================================
23:01:35.0967 3904 Scan started
23:01:35.0967 3904 Mode: Manual;
23:01:35.0967 3904 ============================================================
23:01:37.0077 3904 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
23:01:37.0082 3904 ACPI - ok
23:01:37.0236 3904 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:01:37.0247 3904 adp94xx - ok
23:01:37.0344 3904 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:01:37.0351 3904 adpahci - ok
23:01:37.0383 3904 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:01:37.0387 3904 adpu160m - ok
23:01:37.0496 3904 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:01:37.0501 3904 adpu320 - ok
23:01:37.0668 3904 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
23:01:37.0674 3904 AFD - ok
23:01:37.0809 3904 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:01:37.0812 3904 agp440 - ok
23:01:37.0913 3904 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:01:37.0917 3904 aic78xx - ok
23:01:37.0952 3904 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:01:37.0954 3904 aliide - ok
23:01:38.0085 3904 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:01:38.0088 3904 amdagp - ok
23:01:38.0195 3904 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:01:38.0197 3904 amdide - ok
23:01:38.0299 3904 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:01:38.0301 3904 AmdK7 - ok
23:01:38.0326 3904 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:01:38.0330 3904 AmdK8 - ok
23:01:38.0454 3904 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:01:38.0460 3904 ApfiltrService - ok
23:01:38.0634 3904 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:01:38.0638 3904 arc - ok
23:01:38.0790 3904 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:01:38.0794 3904 arcsas - ok
23:01:38.0921 3904 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:01:38.0923 3904 AsyncMac - ok
23:01:39.0042 3904 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
23:01:39.0044 3904 atapi - ok
23:01:39.0191 3904 ATSwpWDF (30407fb218940ae61f1aa3821b69f567) C:\Windows\system32\Drivers\ATSwpWDF.sys
23:01:39.0203 3904 ATSwpWDF - ok
23:01:39.0345 3904 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
23:01:39.0348 3904 BCM42RLY - ok
23:01:39.0489 3904 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
23:01:39.0522 3904 BCM43XX - ok
23:01:39.0683 3904 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:01:39.0685 3904 Beep - ok
23:01:39.0830 3904 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:01:39.0833 3904 blbdrive - ok
23:01:40.0018 3904 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
23:01:40.0022 3904 bowser - ok
23:01:40.0161 3904 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:01:40.0164 3904 BrFiltLo - ok
23:01:40.0267 3904 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:01:40.0270 3904 BrFiltUp - ok
23:01:40.0384 3904 Bridge (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
23:01:40.0387 3904 Bridge - ok
23:01:40.0411 3904 BridgeMP (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
23:01:40.0413 3904 BridgeMP - ok
23:01:40.0521 3904 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:01:40.0525 3904 Brserid - ok
23:01:40.0623 3904 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:01:40.0626 3904 BrSerWdm - ok
23:01:40.0736 3904 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:01:40.0738 3904 BrUsbMdm - ok
23:01:40.0847 3904 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:01:40.0850 3904 BrUsbSer - ok
23:01:40.0978 3904 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:01:40.0981 3904 BTHMODEM - ok
23:01:41.0132 3904 catchme - ok
23:01:41.0248 3904 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:01:41.0251 3904 cdfs - ok
23:01:41.0360 3904 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
23:01:41.0364 3904 cdrom - ok
23:01:41.0467 3904 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
23:01:41.0470 3904 circlass - ok
23:01:41.0569 3904 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
23:01:41.0576 3904 CLFS - ok
23:01:41.0707 3904 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:01:41.0710 3904 CmBatt - ok
23:01:41.0818 3904 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:01:41.0820 3904 cmdide - ok
23:01:41.0930 3904 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:01:41.0932 3904 Compbatt - ok
23:01:42.0032 3904 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:01:42.0035 3904 crcdisk - ok
23:01:42.0171 3904 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:01:42.0174 3904 Crusoe - ok
23:01:42.0310 3904 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
23:01:42.0314 3904 DfsC - ok
23:01:42.0448 3904 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
23:01:42.0450 3904 disk - ok
23:01:42.0610 3904 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:01:42.0613 3904 drmkaud - ok
23:01:42.0729 3904 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
23:01:42.0747 3904 DXGKrnl - ok
23:01:42.0864 3904 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
23:01:42.0870 3904 e1express - ok
23:01:42.0991 3904 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:01:42.0995 3904 E1G60 - ok
23:01:43.0121 3904 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
23:01:43.0126 3904 Ecache - ok
23:01:43.0261 3904 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:01:43.0270 3904 elxstor - ok
23:01:43.0400 3904 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:01:43.0403 3904 ErrDev - ok
23:01:43.0481 3904 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
23:01:43.0486 3904 exfat - ok
23:01:43.0537 3904 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
23:01:43.0542 3904 fastfat - ok
23:01:43.0673 3904 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:01:43.0676 3904 fdc - ok
23:01:43.0767 3904 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:01:43.0770 3904 FileInfo - ok
23:01:43.0825 3904 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:01:43.0828 3904 Filetrace - ok
23:01:43.0917 3904 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:01:43.0919 3904 flpydisk - ok
23:01:43.0946 3904 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
23:01:43.0952 3904 FltMgr - ok
23:01:43.0977 3904 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:01:43.0981 3904 Fs_Rec - ok
23:01:44.0010 3904 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:01:44.0013 3904 gagp30kx - ok
23:01:44.0069 3904 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:01:44.0072 3904 GEARAspiWDM - ok
23:01:44.0239 3904 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:01:44.0240 3904 HDAudBus - ok
23:01:44.0269 3904 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:01:44.0272 3904 HidBth - ok
23:01:44.0374 3904 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
23:01:44.0376 3904 HidIr - ok
23:01:44.0418 3904 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
23:01:44.0420 3904 HidUsb - ok
23:01:44.0523 3904 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:01:44.0525 3904 HpCISSs - ok
23:01:44.0590 3904 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
23:01:44.0658 3904 HTTP - ok
23:01:44.0777 3904 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:01:44.0780 3904 i2omp - ok
23:01:44.0915 3904 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:01:44.0918 3904 i8042prt - ok
23:01:44.0958 3904 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
23:01:44.0961 3904 iaStor - ok
23:01:45.0013 3904 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:01:45.0020 3904 iaStorV - ok
23:01:45.0212 3904 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:01:45.0278 3904 igfx - ok
23:01:45.0388 3904 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:01:45.0391 3904 iirsp - ok
23:01:45.0527 3904 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
23:01:45.0531 3904 IntcHdmiAddService - ok
23:01:45.0595 3904 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:01:45.0597 3904 intelide - ok
23:01:45.0663 3904 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:01:45.0664 3904 intelppm - ok
23:01:45.0813 3904 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:01:45.0816 3904 IpFilterDriver - ok
23:01:45.0829 3904 IpInIp - ok
23:01:45.0858 3904 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:01:45.0861 3904 IPMIDRV - ok
23:01:45.0896 3904 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:01:45.0900 3904 IPNAT - ok
23:01:46.0010 3904 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:01:46.0013 3904 IRENUM - ok
23:01:46.0036 3904 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:01:46.0039 3904 isapnp - ok
23:01:46.0077 3904 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
23:01:46.0081 3904 iScsiPrt - ok
23:01:46.0106 3904 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:01:46.0110 3904 iteatapi - ok
23:01:46.0166 3904 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
23:01:46.0169 3904 itecir - ok
23:01:46.0198 3904 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:01:46.0200 3904 iteraid - ok
23:01:46.0247 3904 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
23:01:46.0252 3904 k57nd60x - ok
23:01:46.0287 3904 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:46.0290 3904 kbdclass - ok
23:01:46.0354 3904 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
23:01:46.0356 3904 kbdhid - ok
23:01:46.0426 3904 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
23:01:46.0430 3904 KL1 - ok
23:01:46.0460 3904 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
23:01:46.0463 3904 kl2 - ok
23:01:46.0545 3904 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
23:01:46.0735 3904 KLIF - ok
23:01:46.0860 3904 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
23:01:46.0863 3904 KLIM6 - ok
23:01:46.0906 3904 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
23:01:46.0909 3904 klmouflt - ok
23:01:46.0964 3904 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
23:01:46.0974 3904 KSecDD - ok
23:01:47.0029 3904 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:01:47.0032 3904 lltdio - ok
23:01:47.0076 3904 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:01:47.0080 3904 LSI_FC - ok
23:01:47.0111 3904 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:01:47.0115 3904 LSI_SAS - ok
23:01:47.0185 3904 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:01:47.0189 3904 LSI_SCSI - ok
23:01:47.0228 3904 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:01:47.0231 3904 luafv - ok
23:01:47.0246 3904 MCSTRM - ok
23:01:47.0288 3904 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:01:47.0290 3904 megasas - ok
23:01:47.0329 3904 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:01:47.0338 3904 MegaSR - ok
23:01:47.0365 3904 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:01:47.0369 3904 Modem - ok
23:01:47.0401 3904 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:01:47.0403 3904 monitor - ok
23:01:47.0434 3904 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:01:47.0437 3904 mouclass - ok
23:01:47.0463 3904 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:01:47.0465 3904 mouhid - ok
23:01:47.0499 3904 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:01:47.0503 3904 MountMgr - ok
23:01:47.0539 3904 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:01:47.0543 3904 mpio - ok
23:01:47.0576 3904 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:01:47.0607 3904 mpsdrv - ok
23:01:47.0630 3904 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:01:47.0633 3904 Mraid35x - ok
23:01:47.0668 3904 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
23:01:47.0672 3904 MRxDAV - ok
23:01:47.0720 3904 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:47.0724 3904 mrxsmb - ok
23:01:47.0792 3904 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:47.0798 3904 mrxsmb10 - ok
23:01:47.0821 3904 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:47.0825 3904 mrxsmb20 - ok
23:01:47.0871 3904 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
23:01:47.0874 3904 msahci - ok
23:01:47.0904 3904 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:01:47.0908 3904 msdsm - ok
23:01:47.0952 3904 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:01:47.0955 3904 Msfs - ok
23:01:47.0989 3904 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:01:47.0997 3904 msisadrv - ok
23:01:48.0045 3904 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:01:48.0048 3904 MSKSSRV - ok
23:01:48.0081 3904 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:48.0083 3904 MSPCLOCK - ok
23:01:48.0116 3904 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:01:48.0119 3904 MSPQM - ok
23:01:48.0145 3904 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
23:01:48.0150 3904 MsRPC - ok
23:01:48.0191 3904 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:01:48.0192 3904 mssmbios - ok
23:01:48.0220 3904 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:01:48.0222 3904 MSTEE - ok
23:01:48.0255 3904 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
23:01:48.0258 3904 Mup - ok
23:01:48.0320 3904 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
23:01:48.0325 3904 NativeWifiP - ok
23:01:48.0384 3904 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
23:01:48.0394 3904 NDIS - ok
23:01:48.0425 3904 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:48.0428 3904 NdisTapi - ok
23:01:48.0453 3904 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:48.0455 3904 Ndisuio - ok
23:01:48.0482 3904 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:48.0487 3904 NdisWan - ok
23:01:48.0507 3904 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:01:48.0510 3904 NDProxy - ok
23:01:48.0536 3904 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:01:48.0539 3904 NetBIOS - ok
23:01:48.0566 3904 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
23:01:48.0572 3904 netbt - ok
23:01:48.0628 3904 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:01:48.0631 3904 nfrd960 - ok
23:01:48.0655 3904 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
23:01:48.0658 3904 Npfs - ok
23:01:48.0689 3904 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:01:48.0692 3904 nsiproxy - ok
23:01:48.0750 3904 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
23:01:48.0783 3904 Ntfs - ok
23:01:48.0807 3904 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:01:48.0810 3904 ntrigdigi - ok
23:01:48.0834 3904 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:01:48.0837 3904 Null - ok
23:01:48.0869 3904 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:01:48.0874 3904 nvraid - ok
23:01:48.0893 3904 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:01:48.0896 3904 nvstor - ok
23:01:48.0931 3904 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:01:48.0935 3904 nv_agp - ok
23:01:48.0948 3904 NwlnkFlt - ok
23:01:48.0967 3904 NwlnkFwd - ok
23:01:49.0019 3904 OA001Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA001Ufd.sys
23:01:49.0024 3904 OA001Ufd - ok
23:01:49.0057 3904 OA001Vid (d8713c79ed64012863b3344ffc2d406e) C:\Windows\system32\DRIVERS\OA001Vid.sys
23:01:49.0065 3904 OA001Vid - ok
23:01:49.0100 3904 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
23:01:49.0102 3904 ohci1394 - ok
23:01:49.0172 3904 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:01:49.0176 3904 Parport - ok
23:01:49.0209 3904 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
23:01:49.0212 3904 partmgr - ok
23:01:49.0235 3904 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:01:49.0238 3904 Parvdm - ok
23:01:49.0271 3904 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:01:49.0276 3904 pci - ok
23:01:49.0296 3904 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:01:49.0298 3904 pciide - ok
23:01:49.0334 3904 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:01:49.0339 3904 pcmcia - ok
23:01:49.0416 3904 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:01:49.0450 3904 PEAUTH - ok
23:01:49.0523 3904 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:01:49.0526 3904 PptpMiniport - ok
23:01:49.0558 3904 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:01:49.0561 3904 Processor - ok
23:01:49.0622 3904 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:01:49.0625 3904 PSched - ok
23:01:49.0684 3904 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
23:01:49.0687 3904 PxHelp20 - ok
23:01:49.0755 3904 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:01:49.0789 3904 ql2300 - ok
23:01:49.0822 3904 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:01:49.0827 3904 ql40xx - ok
23:01:49.0856 3904 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:01:49.0858 3904 QWAVEdrv - ok
23:01:49.0956 3904 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
23:01:50.0011 3904 R300 - ok
23:01:50.0035 3904 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:01:50.0037 3904 RasAcd - ok
23:01:50.0069 3904 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:50.0073 3904 Rasl2tp - ok
23:01:50.0107 3904 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:50.0111 3904 RasPppoe - ok
23:01:50.0137 3904 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:01:50.0141 3904 RasSstp - ok
23:01:50.0174 3904 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:01:50.0181 3904 rdbss - ok
23:01:50.0215 3904 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:50.0218 3904 RDPCDD - ok
23:01:50.0264 3904 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:01:50.0271 3904 rdpdr - ok
23:01:50.0297 3904 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:01:50.0299 3904 RDPENCDD - ok
23:01:50.0329 3904 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:01:50.0335 3904 RDPWD - ok
23:01:50.0393 3904 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
23:01:50.0396 3904 rimmptsk - ok
23:01:50.0427 3904 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
23:01:50.0430 3904 rimsptsk - ok
23:01:50.0493 3904 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
23:01:50.0496 3904 RimUsb - ok
23:01:50.0533 3904 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
23:01:50.0535 3904 rismxdp - ok
23:01:50.0581 3904 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:01:50.0584 3904 rspndr - ok
23:01:50.0624 3904 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:01:50.0628 3904 sbp2port - ok
23:01:50.0708 3904 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
23:01:50.0711 3904 SCDEmu - ok
23:01:50.0770 3904 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
23:01:50.0774 3904 sdbus - ok
23:01:50.0792 3904 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:01:50.0795 3904 secdrv - ok
23:01:50.0824 3904 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:01:50.0835 3904 Serenum - ok
23:01:50.0868 3904 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:01:50.0872 3904 Serial - ok
23:01:50.0910 3904 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:01:50.0913 3904 sermouse - ok
23:01:50.0957 3904 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:01:50.0960 3904 sffdisk - ok
23:01:50.0988 3904 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:01:50.0991 3904 sffp_mmc - ok
23:01:51.0046 3904 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:01:51.0049 3904 sffp_sd - ok
23:01:51.0068 3904 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:01:51.0071 3904 sfloppy - ok
23:01:51.0120 3904 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:01:51.0123 3904 sisagp - ok
23:01:51.0168 3904 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:01:51.0171 3904 SiSRaid2 - ok
23:01:51.0213 3904 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:01:51.0217 3904 SiSRaid4 - ok
23:01:51.0269 3904 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:01:51.0272 3904 Smb - ok
23:01:51.0312 3904 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:01:51.0314 3904 spldr - ok
23:01:51.0384 3904 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
23:01:51.0392 3904 srv - ok
23:01:51.0456 3904 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
23:01:51.0461 3904 srv2 - ok
23:01:51.0514 3904 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
23:01:51.0518 3904 srvnet - ok
23:01:51.0590 3904 STHDA (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
23:01:51.0600 3904 STHDA - ok
23:01:51.0660 3904 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:01:51.0662 3904 swenum - ok
23:01:51.0704 3904 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:01:51.0707 3904 Symc8xx - ok
23:01:51.0731 3904 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:01:51.0735 3904 Sym_hi - ok
23:01:51.0758 3904 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:01:51.0762 3904 Sym_u3 - ok
23:01:51.0841 3904 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
23:01:51.0873 3904 Tcpip - ok
23:01:51.0905 3904 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
23:01:51.0912 3904 Tcpip6 - ok
23:01:51.0940 3904 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:01:51.0942 3904 tcpipreg - ok
23:01:51.0971 3904 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:01:51.0973 3904 TDPIPE - ok
23:01:52.0009 3904 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:01:52.0012 3904 TDTCP - ok
23:01:52.0039 3904 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:01:52.0043 3904 tdx - ok
23:01:52.0067 3904 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:01:52.0070 3904 TermDD - ok
23:01:52.0163 3904 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
23:01:52.0293 3904 TrueSight - ok
23:01:52.0336 3904 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:52.0339 3904 tssecsrv - ok
23:01:52.0362 3904 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:01:52.0364 3904 tunmp - ok
23:01:52.0421 3904 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:01:52.0425 3904 tunnel - ok
23:01:52.0456 3904 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:01:52.0459 3904 uagp35 - ok
23:01:52.0495 3904 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:01:52.0501 3904 udfs - ok
23:01:52.0544 3904 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:01:52.0547 3904 uliagpkx - ok
23:01:52.0579 3904 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:01:52.0624 3904 uliahci - ok
23:01:52.0658 3904 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:01:52.0662 3904 UlSata - ok
23:01:52.0701 3904 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:01:52.0705 3904 ulsata2 - ok
23:01:52.0735 3904 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:01:52.0739 3904 umbus - ok
23:01:52.0767 3904 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
23:01:52.0770 3904 UMPass - ok
23:01:52.0841 3904 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
23:01:52.0844 3904 USBAAPL - ok
23:01:52.0892 3904 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\Windows\system32\DRIVERS\lgusbbus.sys
23:01:52.0894 3904 usbbus - ok
23:01:52.0934 3904 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:52.0938 3904 usbccgp - ok
23:01:52.0972 3904 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:01:52.0976 3904 usbcir - ok
23:01:53.0002 3904 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\Windows\system32\DRIVERS\lgusbdiag.sys
23:01:53.0005 3904 UsbDiag - ok
23:01:53.0051 3904 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
23:01:53.0054 3904 usbehci - ok
23:01:53.0088 3904 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
23:01:53.0094 3904 usbhub - ok
23:01:53.0118 3904 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\Windows\system32\DRIVERS\lgusbmodem.sys
23:01:53.0120 3904 USBModem - ok
23:01:53.0154 3904 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:01:53.0158 3904 usbohci - ok
23:01:53.0196 3904 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:01:53.0199 3904 usbprint - ok
23:01:53.0251 3904 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:53.0254 3904 USBSTOR - ok
23:01:53.0278 3904 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
23:01:53.0281 3904 usbuhci - ok
23:01:53.0313 3904 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:53.0316 3904 vga - ok
23:01:53.0330 3904 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:01:53.0334 3904 VgaSave - ok
23:01:53.0360 3904 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:01:53.0363 3904 viaagp - ok
23:01:53.0386 3904 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:01:53.0389 3904 ViaC7 - ok
23:01:53.0417 3904 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:01:53.0419 3904 viaide - ok
23:01:53.0449 3904 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:01:53.0453 3904 volmgr - ok
23:01:53.0486 3904 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:01:53.0495 3904 volmgrx - ok
23:01:53.0514 3904 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:01:53.0518 3904 volsnap - ok
23:01:53.0549 3904 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:01:53.0554 3904 vsmraid - ok
23:01:53.0604 3904 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:01:53.0606 3904 WacomPen - ok
23:01:53.0658 3904 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:53.0661 3904 Wanarp - ok
23:01:53.0677 3904 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:53.0678 3904 Wanarpv6 - ok
23:01:53.0717 3904 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:01:53.0720 3904 Wd - ok
23:01:53.0757 3904 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:01:53.0769 3904 Wdf01000 - ok
23:01:53.0909 3904 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:01:53.0910 3904 WmiAcpi - ok
23:01:53.0983 3904 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:01:53.0987 3904 WpdUsb - ok
23:01:54.0022 3904 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:01:54.0025 3904 ws2ifsl - ok
23:01:54.0088 3904 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:54.0092 3904 WUDFRd - ok
23:01:54.0150 3904 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:01:54.0206 3904 \Device\Harddisk0\DR0 - ok
23:01:54.0220 3904 Boot (0x1200) (a431838945ca4aead0b42711b8ca0e9b) \Device\Harddisk0\DR0\Partition0
23:01:54.0221 3904 \Device\Harddisk0\DR0\Partition0 - ok
23:01:54.0227 3904 Boot (0x1200) (94dae90339cdc212d455c611584c7221) \Device\Harddisk0\DR0\Partition1
23:01:54.0228 3904 \Device\Harddisk0\DR0\Partition1 - ok
23:01:54.0230 3904 ============================================================
23:01:54.0230 3904 Scan finished
23:01:54.0230 3904 ============================================================
23:01:54.0249 2200 Detected object count: 0
23:01:54.0249 2200 Actual detected object count: 0
23:02:03.0471 4160 Deinitialize success

[OdiousMortem]

OTL logfile created on: 1/18/2012 11:02:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.53% Memory free
4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 77.50 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.48 Gb Free Space | 45.89% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 22:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/25 11:11:38 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/15 11:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/06/30 05:28:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/06/30 05:28:14 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/30 05:28:12 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/06/30 05:28:12 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/26 06:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
PRC - [2008/06/26 06:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe
PRC - [2008/06/09 12:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/05/05 17:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/30 02:35:18 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\5d8533dc28d20583d71e1c7433141d31\MenuSkinning.ni.dll
MOD - [2011/06/30 02:34:59 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
MOD - [2011/06/30 02:34:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
MOD - [2011/06/30 02:34:39 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\431e8bcd04578dc3a991db1fd45816cb\VistaBridgeLibrary.ni.dll
MOD - [2011/06/30 02:34:35 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
MOD - [2011/06/30 02:34:34 | 002,261,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\d452b64f7cb8848b2e94eb8b3a304bb9\DellDock.ni.exe
MOD - [2011/06/30 02:34:32 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\d794c4339c61676b7e195efc65e858fc\MyDock.Util.ni.dll
MOD - [2011/06/30 02:34:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011/06/30 02:34:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll
MOD - [2011/06/30 02:31:51 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011/06/30 02:31:34 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011/06/30 02:31:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011/06/30 02:30:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011/06/30 02:29:54 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2008/08/05 07:16:20 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2008/09/25 11:24:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/25 11:11:38 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/26 06:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe -- (STacSV)
SRV - [2008/06/26 06:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe -- (AESTFilters)
SRV - [2008/06/09 12:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/05 17:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/05/02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2012/01/18 01:20:49 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/11/02 03:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/05 07:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/07/28 02:14:08 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/07/28 02:14:06 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/30 05:28:10 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/30 00:54:56 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/06/26 06:10:08 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/03/14 08:04:26 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/03/11 01:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/03/11 01:27:52 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/11 01:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/11 01:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/11 01:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=5080925
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=5080925
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5080925
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ben\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2008/09/25 11:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/01/18 01:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/01/18 01:47:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2008/09/25 11:17:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Ben\AppData\Roaming\Move Networks [2009/12/29 19:31:29 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{396080BC-FE0C-4BE3-BFB1-8D750CDA9370}: DhcpNameServer = 68.87.64.230 68.87.66.234
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96897720-D01F-49ED-BEED-9EF87160FFD2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7272e445-3434-11df-b616-00217086295e}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{7272e445-3434-11df-b616-00217086295e}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{7272e455-3434-11df-b616-00217086295e}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{7272e455-3434-11df-b616-00217086295e}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{dd45ab02-9112-11e0-bf6a-00217086295e}\Shell - "" = AutoRun
O33 - MountPoints2\{dd45ab02-9112-11e0-bf6a-00217086295e}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{e47fcae7-41e2-11e1-b41c-00217086295e}\Shell - "" = AutoRun
O33 - MountPoints2\{e47fcae7-41e2-11e1-b41c-00217086295e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e9db83b9-4719-11df-9dd4-00217086295e}\Shell - "" = AutoRun
O33 - MountPoints2\{e9db83b9-4719-11df-9dd4-00217086295e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 22:59:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/01/18 22:58:39 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\tdsskiller.exe
[2012/01/18 12:21:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\RK_Quarantine
[2012/01/18 12:07:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ben\Desktop\dds.scr
[2012/01/18 12:03:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/18 10:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/01/18 10:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2012/01/18 01:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/01/18 01:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/18 01:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/01/18 01:20:49 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/01/17 23:52:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/01/17 21:38:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012/01/17 21:26:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/17 21:00:23 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/17 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/01/17 21:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/01/17 20:34:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\ElevatedDiagnostics
[2012/01/17 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau
[2012/01/17 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Total Uninstall 5
[2012/01/17 17:26:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Auslogics
[2012/01/17 17:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/01/17 17:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/01/17 17:25:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/17 17:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/17 17:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/17 17:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/17 15:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2012/01/17 14:24:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/01/02 11:01:46 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Ben\AppData\Roaming\DataSafeDotNet.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/18 22:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/01/18 22:58:46 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\tdsskiller.exe
[2012/01/18 22:56:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 22:54:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:54:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 22:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/18 22:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/18 21:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/18 21:34:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/18 20:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/18 20:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/18 19:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/18 19:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/18 18:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/18 18:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/18 17:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/18 17:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/18 16:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/18 16:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/18 15:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/18 15:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/18 15:00:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 15:00:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/18 14:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/18 12:49:49 | 000,000,359 | ---- | M] () -- C:\Users\Ben\Desktop\fix.reg
[2012/01/18 12:35:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/18 12:34:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/18 12:29:09 | 000,000,945 | ---- | M] () -- C:\Users\Ben\Desktop\Launch Internet Explorer Browser.lnk
[2012/01/18 12:25:04 | 000,334,421 | ---- | M] () -- C:\Users\Ben\Desktop\FSS.exe
[2012/01/18 12:22:38 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/18 12:07:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ben\Desktop\dds.scr
[2012/01/18 10:56:43 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/01/18 10:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/18 10:34:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/01/18 09:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/18 09:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/01/18 08:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/18 08:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/01/18 07:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/18 07:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/01/18 06:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/18 06:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/01/18 05:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/18 05:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/01/18 04:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/18 04:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/01/18 03:35:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/18 03:35:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/01/18 02:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/18 02:34:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/01/18 01:47:13 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/01/18 01:47:12 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/18 01:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/18 01:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/01/18 01:29:43 | 000,017,408 | ---- | M] () -- C:\Users\Ben\AppData\Local\WebpageIcons.db
[2012/01/18 01:28:35 | 000,000,974 | ---- | M] () -- C:\Users\Ben\Desktop\Kaspersky Anti-Virus 2012.lnk
[2012/01/18 01:20:49 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/01/18 00:35:04 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/18 00:35:04 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/17 23:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/17 23:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/17 17:26:14 | 000,001,041 | ---- | M] () -- C:\Users\Ben\Desktop\Auslogics Disk Defrag.lnk
[2012/01/17 17:20:37 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/17 17:14:17 | 000,001,432 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/01/17 14:37:15 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/17 14:36:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/17 11:38:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/17 11:35:45 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/17 11:35:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/01/16 07:29:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2012/01/12 18:06:58 | 000,023,552 | ---- | M] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 13:35:42 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/12 13:35:25 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 12:49:49 | 000,000,359 | ---- | C] () -- C:\Users\Ben\Desktop\fix.reg
[2012/01/18 12:25:14 | 000,334,421 | ---- | C] () -- C:\Users\Ben\Desktop\FSS.exe
[2012/01/18 12:21:49 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/18 10:56:43 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/01/18 01:29:38 | 000,017,408 | ---- | C] () -- C:\Users\Ben\AppData\Local\WebpageIcons.db
[2012/01/18 01:28:35 | 000,000,974 | ---- | C] () -- C:\Users\Ben\Desktop\Kaspersky Anti-Virus 2012.lnk
[2012/01/18 01:25:58 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/01/18 01:25:58 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/17 17:48:37 | 000,000,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 5.lnk
[2012/01/17 17:26:14 | 000,001,041 | ---- | C] () -- C:\Users\Ben\Desktop\Auslogics Disk Defrag.lnk
[2012/01/17 17:14:17 | 000,001,432 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/01/17 17:03:34 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/15 08:20:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\0U7uKtJ4.exe.b
[2011/12/09 18:28:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\50qPmDuK.com.b
[2011/12/09 18:26:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\gSFE4L.dat
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/08/30 16:38:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings
[2009/08/30 16:38:59 | 000,000,268 | RH-- | C] () -- C:\Users\Ben\AppData\Roaming\StatusSheet
[2009/08/30 16:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/08/30 16:38:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2008/12/28 20:49:45 | 000,005,972 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2008/12/21 17:45:24 | 000,870,128 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\mcs.rma
[2008/12/21 17:45:24 | 000,000,004 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\BEE317
[2008/10/06 16:18:17 | 000,002,206 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
[2008/10/02 19:13:55 | 000,023,552 | ---- | C] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 18:51:53 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/02 18:51:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/25 13:51:43 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/09/25 13:51:43 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/09/25 13:51:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/09/25 13:51:43 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/09/25 13:51:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/09/25 11:21:21 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/09/25 11:14:23 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/09/25 11:14:22 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/09/25 11:12:23 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/09/25 11:12:23 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/09/25 11:12:23 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/02/03 18:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/17 17:26:16 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Auslogics
[2008/10/02 17:56:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DigitalPersona
[2009/08/30 16:43:45 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Nikon
[2010/03/20 10:33:24 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Research In Motion
[2008/10/06 16:18:19 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Template
[2012/01/18 00:35:04 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/01/18 04:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/01/18 05:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/01/18 05:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/01/18 06:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/01/18 06:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/01/18 07:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/01/18 07:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/01/18 08:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/01/18 08:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/01/18 09:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/01/18 00:35:04 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/01/18 09:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/01/18 10:34:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/01/18 10:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/01/17 11:35:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/01/17 11:35:45 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/01/18 12:34:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/01/18 12:35:03 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/01/12 13:35:42 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/01/12 13:35:25 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/01/17 14:37:15 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/01/18 01:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/01/17 14:36:30 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/01/18 15:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/01/18 15:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/01/18 16:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/01/18 16:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/01/18 17:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/01/18 17:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/01/18 18:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/01/18 18:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/01/18 19:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/01/18 01:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/01/18 19:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/01/18 20:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/01/18 20:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/01/18 21:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/01/18 21:34:59 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/01/18 22:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/01/18 22:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/01/17 23:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/01/17 23:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/01/18 02:34:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/01/18 02:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/01/18 03:35:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/01/18 03:35:01 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/01/18 04:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/01/18 13:18:19 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

[OdiousMortem]

OTL Extras logfile created on: 1/18/2012 11:02:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.53% Memory free
4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 77.50 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.48 Gb Free Space | 45.89% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C07495-D36C-47C2-903E-2A9038ADD8B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{025C3FBC-A96A-428D-8880-EA893D3AB962}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{02B3B8F2-9C34-4BC0-84F5-65FE276678C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{135FD638-D9B6-4669-B3AF-C2395DD9AD87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21B2E0CA-10D0-4BBB-B009-5360DCE7F30D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D68328C-3494-4920-B667-0E596BAEE947}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31D1CB88-76A2-44A0-8C20-FEEF43898620}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45717056-A0B5-47CB-BC6F-26708CEDFB30}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6596CC10-5CBA-4D09-A094-EFB83EB8C065}" = lport=3390 | protocol=6 | dir=in | app=system |
"{68BBEF71-B0AC-4BBA-965B-BC33D0BB4632}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6E519DBB-5A65-4B71-9946-4558671F2E6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71520B43-0156-4A2C-A720-E40CCEE13F2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74A67321-4AEE-40E7-B46C-46535FF6D83E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{771A73B5-8F6C-4F5E-B234-9EF31C905800}" = lport=10244 | protocol=6 | dir=in | app=system |
"{855B75FD-EE6C-4C59-8DF7-0EACF72629D7}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A6F5A0C8-A247-464A-B5E5-F69F40925098}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8531F9E-5467-4D65-AB9D-0971AFEE331D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBA62406-8524-4CE4-B8CE-458D4D7ED8C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDFC1387-9F45-4AEA-8350-6B27B2674FC6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D4CBCC6E-A7F0-4057-BDA4-D9863D2F32FE}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DEE1F6A0-6681-4286-AD2B-D5BF0B8578B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F98309DC-AD7E-4060-8523-0C307621BBDC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{126ACA5A-33F8-40F0-8B36-7397B5F7F0BF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1B2D21F3-054C-43A2-9CC7-E8FBA85682BF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{205C25C8-1CAF-4866-BD81-D22723528243}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{23F6C1A4-BDF5-4DD1-A4E4-C79E6D149420}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26336B2B-6AF1-45C5-8398-4ECFE6F931EB}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{3ECB2187-1ADC-4B29-ACCC-6AC72E0E850F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4EBFB35B-BA00-4DCF-B5F0-DAEBA1696222}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F755447-0024-46FE-952F-457806B9F19F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5342D1C6-571D-4A02-AC02-FA6FCF95FCC5}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{54486F1B-952B-4154-BD12-11D630F1A608}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6ADFF835-BFA6-4B45-B7B2-D2F5F2E53495}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70DE34BF-4041-4ECE-99F2-0167DFFE410E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{88EF060D-3892-47A2-89E5-DD06305C5ECA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8FD8052C-C10C-4DA2-9FB4-3E4A97C70305}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BBE31CE7-EA8F-4D5F-A9F5-4CBA28E75758}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE8D79AA-F1DB-4E43-9120-2641D1BA6E87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2ECED06-B213-4C9B-829E-4A508F5F6264}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{140BF0D0-E848-405C-9A01-D3256B918B6D}" = AuthenTec Fingerprint System
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{35EAF162-26F1-4DD2-8349-297F5CE31FD5}" = DigitalPersona Personal 3.1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PowerISO" = PowerISO
"Scrabble" = Scrabble (remove only)
"Total Uninstall 5_is1" = Total Uninstall 5.10.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2012 6:00:49 PM | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2012 6:17:23 PM | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/17/2012 6:17:25 PM | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2012 6:50:04 PM | Computer Name = Ben-PC | Source = VSS | ID = 8194
Description =

Error - 1/17/2012 6:51:20 PM | Computer Name = Ben-PC | Source = VSS | ID = 8194
Description =

Error - 1/17/2012 9:01:47 PM | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2012 9:27:28 PM | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/17/2012 9:30:13 PM | Computer Name = Ben-PC | Source = VSS | ID = 8194
Description =

Error - 1/17/2012 9:44:37 PM | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2012 9:45:06 PM | Computer Name = Ben-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Broadcom Wireless LAN Events ]
Error - 1/17/2012 5:46:51 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 16:46:51, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 5:46:51 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 16:46:51, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 6:14:27 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 17:14:27, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 6:14:27 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 17:14:27, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 7:20:05 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 18:20:05, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 7:20:05 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 18:20:05, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 9:02:46 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 20:02:45, Tue, Jan 17, 12 Error - Unable to gain access to user store

Error - 1/17/2012 9:43:13 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 20:43:13, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/17/2012 9:43:13 PM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 20:43:13, Tue, Jan 17, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/18/2012 10:43:15 AM | Computer Name = Ben-PC | Source = WLAN-Tray | ID = 0
Description = 09:43:15, Wed, Jan 18, 12 Error - User "" does not have administrative
privileges on this system

[ DigitalPersona Pro Events ]
Error - 12/30/2008 6:22:39 PM | Computer Name = Ben-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 6/6/2010 1:57:48 PM | Computer Name = Ben-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/23/2011 6:22:45 PM | Computer Name = Ben-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/23/2011 6:22:49 PM | Computer Name = Ben-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ Media Center Events ]
Error - 1/10/2009 11:18:06 PM | Computer Name = Ben-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 1/10/2009 11:20:15 PM | Computer Name = Ben-PC | Source = McrMgr | ID = 107
Description =

Error - 1/10/2009 11:20:25 PM | Computer Name = Ben-PC | Source = McrMgr | ID = 107
Description =

Error - 2/13/2009 6:35:07 PM | Computer Name = Ben-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 5:59:18 PM | Computer Name = Ben-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/3/2009 6:38:31 PM | Computer Name = Ben-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/4/2010 6:30:40 PM | Computer Name = Ben-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 9:20:01 PM | Computer Name = Ben-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/5/2009 2:12:00 AM | Computer Name = Ben-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2009 2:12:01 AM | Computer Name = Ben-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2009 2:12:01 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 8/5/2009 12:33:13 PM | Computer Name = Ben-PC | Source = HTTP | ID = 15016
Description =

Error - 8/5/2009 12:33:57 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2009 10:15:10 AM | Computer Name = Ben-PC | Source = HTTP | ID = 15016
Description =

Error - 8/6/2009 10:15:56 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/7/2009 1:51:51 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/7/2009 2:38:02 PM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/8/2009 12:53:57 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2012/01/17 21:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
  [2011/12/15 08:20:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\0U7uKtJ4.exe.b
  [2011/12/09 18:28:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\50qPmDuK.com.b
  [2011/12/09 18:26:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\gSFE4L.dat
  [2008/12/21 17:45:24 | 000,870,128 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\mcs.rma
  [2008/12/21 17:45:24 | 000,000,004 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\BEE317
  [2008/10/06 16:18:17 | 000,002,206 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
  [2008/09/25 11:21:21 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
  
  :files
  C:\Windows\tasks\*.job
  
  :Commands
  [resethosts]
  [emptytemp]

  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Post the log file.

[OdiousMortem]

All processes killed
========== OTL ==========
C:\Program Files\Free Offers from Freeze.com folder moved successfully.
File C:\ProgramData\0U7uKtJ4.exe.b not found.
C:\Windows\System32\50qPmDuK.com.b moved successfully.
File C:\ProgramData\gSFE4L.dat not found.
C:\Users\Ben\AppData\Roaming\mcs.rma moved successfully.
C:\Users\Ben\AppData\Roaming\BEE317 moved successfully.
C:\Users\Ben\AppData\Roaming\wklnhst.dat moved successfully.
C:\Windows\CT4CET.bin moved successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\tasks\Google Software Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ben
->Temp folder emptied: 32582 bytes
->Temporary Internet Files folder emptied: 5107867 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23477153 bytes
RecycleBin emptied: 2821 bytes

Total Files Cleaned = 27.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01192012_095958
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

[Maniac]

Very good!

Please follow this guide:
http://www.bleepingc...se-combofix#use

Post the log file when you are ready.

[OdiousMortem]

Hello again Maniac. Here is the combofix log.

ComboFix 12-01-19.02 - Ben 01/19/2012 23:08:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.795 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oem49.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 04:17 . 2012-01-20 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-20 03:53 . 2012-01-20 03:53 -------- d-----w- c:\windows\system32\ca-ES
2012-01-20 03:53 . 2012-01-20 03:53 -------- d-----w- c:\windows\system32\eu-ES
2012-01-20 03:53 . 2012-01-20 03:53 -------- d-----w- c:\windows\system32\vi-VN
2012-01-19 18:13 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AD62C7C-A16B-4711-842F-EA9C273960C9}\gapaengine.dll
2012-01-19 18:13 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEB919DB-BE2B-41DA-8583-5FFF5AE3A8E7}\mpengine.dll
2012-01-19 17:57 . 2012-01-19 17:58 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-19 17:56 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-19 17:52 . 2009-04-11 06:28 203264 ----a-w- c:\windows\system32\uDWM.dll
2012-01-19 17:51 . 2009-04-11 06:32 53736 ----a-w- c:\windows\system32\drivers\disk.sys
2012-01-19 17:50 . 2009-04-11 06:28 61952 ----a-w- c:\windows\system32\wbem\xml\wmi2xml.dll
2012-01-19 17:49 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-19 17:49 . 2010-12-18 06:26 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-01-19 17:49 . 2010-12-18 06:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-19 17:49 . 2010-12-18 06:22 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-01-19 17:47 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2012-01-19 17:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-19 17:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-19 17:43 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-19 16:29 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-01-19 15:54 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-01-19 15:54 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-01-19 15:54 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-01-19 15:51 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2012-01-19 15:51 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2012-01-19 15:51 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-01-19 15:51 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2012-01-19 15:48 . 2012-01-19 15:48 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-19 15:43 . 2012-01-19 15:48 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-19 15:42 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-01-19 15:42 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-19 15:40 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2012-01-19 15:39 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-19 15:33 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-01-19 15:32 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 15:32 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-01-19 15:31 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2012-01-19 15:31 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2012-01-19 15:31 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-01-19 15:31 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-01-19 15:31 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2012-01-19 15:30 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-19 15:30 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2012-01-19 15:30 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2012-01-19 15:30 . 2009-04-11 06:28 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2012-01-19 15:30 . 2009-04-11 06:28 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2012-01-19 15:30 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-01-19 15:30 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-01-19 15:30 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-01-19 15:29 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-01-19 15:29 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-01-19 15:29 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-19 15:29 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2012-01-19 15:29 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-01-19 15:29 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-01-19 15:29 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-01-19 15:28 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 15:28 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-01-19 15:28 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-01-19 15:28 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 15:28 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 15:28 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-19 15:28 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-01-19 15:26 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-01-19 15:09 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-19 15:06 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-01-19 15:06 . 2009-07-15 10:21 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-01-19 15:06 . 2009-07-15 10:21 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-01-19 15:00 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-01-19 14:58 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-01-19 10:18 . 2008-06-26 11:10 380928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-01-19 10:18 . 2008-06-26 11:10 678912 ----a-w- c:\windows\system32\stapo.dll
2012-01-19 10:18 . 2008-06-26 11:10 344576 ----a-w- c:\windows\system32\stcplx.dll
2012-01-19 10:18 . 2008-06-26 11:10 405504 ----a-w- c:\windows\system32\stapi32.dll
2012-01-19 10:18 . 2008-06-26 11:09 173568 ----a-w- c:\windows\system32\st326017.dll
2012-01-19 10:08 . 2012-01-19 10:08 -------- d-----w- C:\$WINDOWS.~Q
2012-01-19 10:03 . 2012-01-19 10:03 -------- d-----w- C:\$INPLACE.~TR
2012-01-19 08:45 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-01-19 08:44 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2012-01-19 08:40 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-19 08:40 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-19 08:40 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-01-19 08:40 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-19 08:40 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-01-19 08:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2012-01-19 08:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2012-01-19 08:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2012-01-19 08:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-01-19 08:29 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2012-01-19 08:29 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2012-01-19 08:29 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-01-19 08:29 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-01-19 08:29 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-01-19 08:27 . 2012-01-19 17:56 -------- d-----w- c:\windows\Debug
2012-01-19 08:01 . 2012-01-19 08:01 -------- d-----w- c:\users\Default\video
2012-01-19 08:01 . 2012-01-19 08:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-19 07:37 . 2012-01-19 17:56 -------- d-----w- c:\users\Ben
2012-01-19 07:37 . 2012-01-19 07:37 -------- d-----w- c:\users\Mcx1
2012-01-19 07:35 . 2012-01-19 07:35 -------- d-----w- c:\program files\IDT
2012-01-19 07:35 . 2008-06-26 11:09 45568 ----a-w- c:\windows\system32\ctppld.dll
2012-01-19 07:35 . 2008-06-26 11:09 492544 ----a-w- c:\windows\system32\ctapo32.dll
2012-01-19 07:35 . 2008-06-26 11:09 372736 ----a-w- c:\windows\system32\aestecap.dll
2012-01-19 07:35 . 2008-06-26 11:09 53248 ----a-w- c:\windows\system32\aestaren.dll
2012-01-19 07:35 . 2008-06-26 11:09 133632 ----a-w- c:\windows\system32\aestacap.dll
2012-01-19 07:35 . 2008-06-26 11:10 2473984 ----a-w- c:\windows\system32\stlang.dll
2012-01-19 07:35 . 2008-06-26 11:09 516096 ----a-w- c:\windows\system32\idtmini1.exe
2012-01-19 07:35 . 2008-06-26 11:09 5615715 ----a-w- c:\windows\system32\idtcpl.cpl
2012-01-19 07:35 . 2008-06-26 11:09 73728 ----a-w- c:\windows\system32\AESTCom.dll
2012-01-19 07:35 . 2012-01-19 07:35 -------- d-----w- c:\program files\DellTPad
2012-01-19 05:27 . 2012-01-19 07:46 -------- d-----w- c:\programdata\WeCareReminder
2012-01-19 05:27 . 2012-01-19 07:44 -------- d-----w- c:\program files\Magical Jelly Bean
2012-01-18 17:21 . 2012-01-18 17:22 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-18 04:52 . 2012-01-19 07:48 -------- d-----w- c:\windows\system32\EventProviders
2012-01-18 02:00 . 2012-01-19 07:39 -------- d-----w- c:\program files\7-Zip
2012-01-17 22:26 . 2012-01-19 07:40 -------- d-----w- c:\program files\Auslogics
2012-01-17 22:22 . 2012-01-19 07:40 -------- d-----w- c:\program files\CCleaner
2012-01-17 22:03 . 2012-01-17 22:20 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-17 22:03 . 2012-01-19 07:45 -------- d-----w- c:\programdata\HitmanPro
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 13:27 . 2011-12-14 13:27 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-05 00:15 . 2011-12-05 00:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-11 133656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-25 16:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 21:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 20:54 446635 ----a-w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-06-09 17:47 814144 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-23 02:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-01-14 15:13 132392 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2008-06-13 02:56 4758904 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-25 16:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-26 11:10 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - KL1
*Deregistered* - kl2
*Deregistered* - KLIF
*Deregistered* - SCDEmu
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-25 21:11]
.
2012-01-20 c:\windows\Tasks\User_Feed_Synchronization-{22D4D774-F2D4-4B8B-ACB2-624E13C9F8D8}.job
- c:\windows\system32\msfeedssync.exe [2012-01-19 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/boston/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Finally Fast - c:\program files\Ascentive\Finally Fast\FinallyFast.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 23:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2012-01-19 23:20:41
ComboFix-quarantined-files.txt 2012-01-20 04:20
.
Pre-Run: 85,826,928,640 bytes free
Post-Run: 85,654,147,072 bytes free
.
- - End Of File - - 0B9898E3E6C765D45FF8733900A04CB5

[Maniac]

Please locate to:
C:\Qoobox\Add-Remove Programs.txt

Post its content in your next reply.

[OdiousMortem]

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ASPCA Reminder by We-Care.com v5.0.5.1
Auslogics Disk Defrag
AuthenTec Fingerprint System
BlackBerry Device Software Updater
Bonjour
Browser Address Error Redirector
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Creative MediaSource 5
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat (remove only)
Dell Webcam Central
Dell Wireless WLAN Card Utility
DigitalPersona Personal 3.1.0
EarthLink Setup Files
EDocs
FileHippo.com Update Checker
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.06.03.0309)
Intel® Matrix Storage Manager
ITECIR Driver
iTunes
Java Auto Updater
Java™ 6 Update 30
Java™ 6 Update 5
Java™ 7 Update 2
LG USB Modem driver
Live! Cam Avatar Creator
Magical Jelly Bean KeyFinder
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scrabble (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sound Blaster Audigy ADVANCED MB
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VoiceOver Kit
Windows Live Mail
Windows Live Photo Gallery
Windows Live Writer

[Maniac]

Detected a change in your system. Apparently you have changed your antivirus program. Please do not do such, especially in this case, radical change, because this can further complicate my job and need more time and energy on your part. Thanks for understanding!

In this case, our work is complicated because there are remained visible remnants of Kaspersky. We need to take for that before procceding further. Please follow these instructions for the Kaspersky Removal Tool:
http://support.kaspe.../?qid=208279463

In your next reply, please include:

• KavRemover log
  
• a new fresh OTL log file

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!