Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Key logger's are a pain.

Post by qqonlife » January 19th, 2012, 1:45 pm

I was hacked for all my personal accounts (Facebook, Hotmail, Gmail, multiple game accounts that thankfully I didn't play anymore). So my first assumption is that I've been key logged. I tried to resolve the problem myself but I have no way to know if I succeeded. So I thought it would be a good idea to check if my system is clean before I start the tedious rebuilding of all my accounts.

Here are my DDS logs
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Logan King at 12:26:59 on 2012-01-19
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2558.1126 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Logan King\Desktop\New Folder\HijackThis.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\logan king\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{4F9BBF7A-BAFE-4D9B-AEDC-D6DB3D6666AA} : DhcpNameServer = 64.71.255.198
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-19 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-18 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-19 1153368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-19 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-19 40776]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2012-1-18 724992]
S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-4-10 143256]
.
=============== Created Last 30 ================
.
2012-01-19 16:19:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-19 15:31:32 -------- d-----w- c:\users\logan king\appdata\roaming\SUPERAntiSpyware.com
2012-01-19 09:31:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9edad56e-4aa5-45ea-aaf3-c8e74855a1d6}\offreg.dll
2012-01-19 09:22:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-19 09:22:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-19 09:22:00 -------- d-----w- c:\programdata\SUPERSetup
2012-01-19 09:20:11 -------- d-----w- c:\program files\Lavasoft
2012-01-19 08:33:30 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-01-19 08:33:30 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-19 08:33:27 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-19 08:33:27 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-19 08:26:52 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2012-01-19 08:14:02 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-01-19 08:14:01 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-01-19 08:14:01 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-19 08:14:01 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-01-19 08:14:01 11264 ----a-w- c:\windows\system32\icardres.dll
2012-01-19 08:14:01 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-01-19 08:14:00 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-01-19 08:13:58 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-19 08:07:33 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-01-19 08:07:29 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-19 08:07:29 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-01-19 08:07:22 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-01-19 08:07:19 83968 ----a-w- c:\windows\system32\mscories.dll
2012-01-19 08:05:11 411136 ----a-w- c:\windows\system32\drivers\http.sys
2012-01-19 08:05:11 31232 ----a-w- c:\windows\system32\httpapi.dll
2012-01-19 08:05:11 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-01-19 08:02:12 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-01-19 08:02:04 40448 ----a-w- c:\windows\system32\winrs.exe
2012-01-19 08:02:04 20480 ----a-w- c:\windows\system32\winrshost.exe
2012-01-19 08:02:04 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2012-01-19 08:02:03 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2012-01-19 08:02:03 10240 ----a-w- c:\windows\system32\winrssrv.dll
2012-01-19 08:02:02 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2012-01-19 08:02:02 79872 ----a-w- c:\windows\system32\wecutil.exe
2012-01-19 08:02:02 56320 ----a-w- c:\windows\system32\wecapi.dll
2012-01-19 08:02:02 54272 ----a-w- c:\windows\system32\WsmRes.dll
2012-01-19 08:02:02 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2012-01-19 08:02:02 146944 ----a-w- c:\windows\system32\wecsvc.dll
2012-01-19 08:01:57 201184 ----a-w- c:\windows\system32\winrm.vbs
2012-01-19 08:01:54 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2012-01-19 08:01:54 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2012-01-19 08:01:54 241152 ----a-w- c:\windows\system32\winrscmd.dll
2012-01-19 08:01:54 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2012-01-19 08:01:54 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2012-01-19 08:01:54 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2012-01-19 07:29:30 -------- d-----w- c:\users\logan king\appdata\roaming\Malwarebytes
2012-01-19 07:29:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 07:29:26 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 07:29:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-19 07:03:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-19 07:03:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-19 06:34:37 388096 ----a-r- c:\users\logan king\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-19 06:34:37 -------- d-----w- c:\program files\Trend Micro
2012-01-19 05:45:52 -------- d-----w- c:\windows\Panther
2012-01-19 05:45:11 -------- d-----w- c:\windows\system32\OEM
2012-01-19 05:35:07 -------- d-----w- C:\Windows.old.000
2012-01-19 04:27:22 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2012-01-19 04:27:17 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2012-01-19 04:27:01 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2012-01-19 04:21:10 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-01-19 04:21:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-01-19 04:18:58 213504 ----a-w- c:\windows\system32\msv1_0.dll
2012-01-19 04:15:43 866816 ----a-w- c:\windows\system32\wmpmde.dll
2012-01-19 04:14:58 603648 ----a-w- c:\windows\system32\schedsvc.dll
2012-01-19 04:14:58 357376 ----a-w- c:\windows\system32\taskschd.dll
2012-01-19 04:14:57 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-01-19 04:14:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
2012-01-19 04:14:57 171520 ----a-w- c:\windows\system32\taskeng.exe
2012-01-19 04:14:52 81920 ----a-w- c:\windows\system32\consent.exe
2012-01-19 04:14:40 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-19 04:14:01 738816 ----a-w- c:\windows\system32\inetcomm.dll
2012-01-19 04:12:57 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-01-19 04:12:54 276992 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 03:58:04 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-19 03:58:04 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-01-19 03:58:03 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-01-19 03:58:03 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-01-19 03:58:03 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-01-19 03:58:02 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-01-19 03:58:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-01-19 03:47:13 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-01-19 03:47:05 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9edad56e-4aa5-45ea-aaf3-c8e74855a1d6}\mpengine.dll
2012-01-19 03:47:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 03:38:48 66664 ----a-w- c:\windows\system32\nvshext.dll
2012-01-19 03:38:48 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-19 03:38:48 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-19 03:38:48 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-19 03:38:48 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2012-01-19 03:38:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-19 03:38:47 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-01-19 03:37:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-19 03:37:15 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-19 03:36:20 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-01-19 03:36:17 98304 ----a-w- c:\windows\system32\cabview.dll
2012-01-19 03:30:54 -------- d-----w- c:\users\logan king\appdata\local\Google
2012-01-19 03:30:25 -------- d-----w- c:\users\logan king\appdata\local\Apps
2012-01-19 03:30:24 -------- d-----w- c:\users\logan king\appdata\local\Deployment
2012-01-19 03:29:09 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-01-19 03:28:53 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-01-19 03:28:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-01-19 03:28:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-01-19 03:27:46 -------- d-----w- c:\program files\Linksys
2012-01-19 03:27:17 24880 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-01-19 03:27:09 26416 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-01-19 03:27:04 -------- d-----w- c:\program files\common files\Pure Networks Shared
2012-01-19 03:26:41 -------- d-----w- c:\programdata\Pure Networks
2012-01-19 03:26:02 724992 ----a-w- c:\windows\system32\drivers\netr28u.sys
2012-01-19 03:25:13 -------- d-sh--w- c:\windows\Installer
.
==================== Find3M ====================
.
.
============= FINISH: 12:27:15.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/01/2012 10:05:05 PM
System Uptime: 19/01/2012 9:19:51 AM (3 hours ago)
.
Motherboard: alienware | | alienware
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 690 GiB total, 644.806 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PowerPC Processor
Device ID: PCI\VEN_1957&DEV_0086&SUBSYS_02011A56&REV_30\4&276FBEC1&0&4878
Manufacturer:
Name: PowerPC Processor
PNP Device ID: PCI\VEN_1957&DEV_0086&SUBSYS_02011A56&REV_30\4&276FBEC1&0&4878
Service:
.
==== System Restore Points ===================
.
RP7: 18/01/2012 10:25:29 PM - Installed Adapter
RP8: 19/01/2012 3:00:19 AM - Windows Update
RP9: 19/01/2012 4:16:53 AM - Installed Ad-Aware
RP10: 19/01/2012 4:17:45 AM - Installed Ad-Aware
.
==== Installed Programs ======================
.
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Linksys Wireless Manager
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Update 1.3.5
NVIDIA Update Components
Pure Networks Platform
Spybot - Search & Destroy
SUPERAntiSpyware
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
19/01/2012 1:41:14 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Logan King\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
18/01/2012 10:42:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: nVidia - Display, Other hardware - NVIDIA Geforce 9800 GT.
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
18/01/2012 10:29:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
.
==== End Of File ===========================|

Thanks in advance :albino:
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm
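
The header of a DDS log like the one posted above carries the two facts a reviewer checks first: the Windows version string and the `AV:` / `SP:` / `FW:` security-product entries. The Python below is an added example, not part of the original posts and not part of DDS; it assumes the fourth field of the version string is the service pack level, its function names and finding labels are hypothetical, and its second sample header is constructed for contrast.

```python
import re

# Windows line, e.g. "Microsoft(R) Windows Vista(TM) Home Premium 6.0.6001.1.1252...".
# Assumption: the first four numeric fields are major.minor.build.service-pack.
OS_RE = re.compile(
    r"^Microsoft\S* Windows (?P<edition>.+?) "
    r"(?P<major>\d+)\.(?P<minor>\d+)\.(?P<build>\d+)\.(?P<sp>\d+)\."
)
# Security-product line: kind, product name, *state*, {GUID}.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}"
)
# Windows Vista build numbers and the service pack each one corresponds to.
VISTA_BUILD_TO_SP = {6000: 0, 6001: 1, 6002: 2}

# Header lines taken from the log in the post above (the "Run by" line is left out).
# \u00ae and \u2122 are the (R) and (TM) signs that appear in the log.
POSTED_HEADER = (
    "DDS (Ver_2011-08-26.01) - NTFSx86\n"
    "Internet Explorer: 7.0.6001.18000\n"
    "Microsoft\u00ae Windows Vista\u2122 Home Premium "
    "6.0.6001.1.1252.2.1033.18.2558.1126 [GMT -5:00]\n"
    ".\n"
    "SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\n"
    ".\n"
    "============== Running Processes ===============\n"
)

# Constructed header for contrast: SP2 build and a registered antivirus product.
# The product name, GUID and trailing version fields are placeholders.
CONSTRUCTED_HEADER = (
    "DDS (Ver_2011-08-26.01) - NTFSx86\n"
    "Microsoft\u00ae Windows Vista\u2122 Home Premium "
    "6.0.6002.2.1252.1.1033.18.3000.2000 [GMT -5:00]\n"
    ".\n"
    "AV: Example Antivirus *Enabled/Updated* {00000000-0000-0000-0000-000000000000}\n"
    "SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\n"
    ".\n"
    "============== Running Processes ===============\n"
)


def parse_dds_header(text):
    """Return the OS version fields and security products from a DDS header."""
    info = {"os": None, "products": {"AV": [], "SP": [], "FW": []}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            break  # first section banner: the header is over
        m = OS_RE.match(line)
        if m:
            info["os"] = {
                "edition": m["edition"],
                "major": int(m["major"]),
                "minor": int(m["minor"]),
                "build": int(m["build"]),
                "sp": int(m["sp"]),
            }
            continue
        m = PRODUCT_RE.match(line)
        if m:
            info["products"][m["kind"]].append(
                {"name": m["name"], "state": m["state"], "guid": m["guid"]}
            )
    return info


def triage(text):
    """Return a sorted list of posture findings for one DDS header."""
    info = parse_dds_header(text)
    findings = []

    antivirus = info["products"]["AV"]
    if not antivirus:
        # An "SP:" (antispyware) entry such as Windows Defender is not an AV entry.
        findings.append("no-antivirus-registered")
    elif not any(p["state"].startswith("Enabled") for p in antivirus):
        findings.append("antivirus-not-enabled")

    os_info = info["os"]
    if os_info is None:
        findings.append("os-line-missing")
    elif (os_info["major"], os_info["minor"]) == (6, 0):  # Windows Vista
        if VISTA_BUILD_TO_SP.get(os_info["build"]) != os_info["sp"]:
            findings.append("version-fields-inconsistent")
        if os_info["sp"] < 2:
            findings.append("vista-service-pack-outdated")
    return sorted(findings)


if __name__ == "__main__":
    print("posted header:     ", triage(POSTED_HEADER))
    print("constructed header:", triage(CONSTRUCTED_HEADER))
```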

Re: Key logger's are a pain.

Post by pgmigg » January 20th, 2012, 10:55 am

Hello qqonlife,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Key logger's are a pain.

Post by qqonlife » January 20th, 2012, 4:40 pm

Thanks for the speedy reply, nice to e-meet you! (: Waiting upon further instruction. I wasn't sure if you wanted me to reply, so I did to make sure I show I'm active, but feel free to take your time.
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm

Re: Key logger's are a pain.

Unread postby pgmigg » January 22nd, 2012, 2:48 pm

Hello qqonlife,

Thank you for your patience... :)

Your logs proved that your Windows Vista Home Premium was reinstalled on 18/01/2012 10:05:05 PM, but you did not download and install the recent Windows Updates, including the important Service Pack 2. Please note that support for Windows Vista Service Pack 1 (SP1) ended on July 12, 2011.

WARNING!!!

You are running a version of Windows that is no longer supported and you need to be aware that once an operating system is no longer supported no further Microsoft Updates will be issued for that operating system. You should be forewarned that those unpatched operating systems have now become prime targets for malware infestations and will become infected unless you take steps to bring them up to date by installing the required Service Pack for your system.

Step 0.
No Anti-virus Software Installed!
Looking over your log... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection please download a (free for personal use) anti-virus program from one of these reliable vendors.

  1. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  2. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.

A good (pay for) Anti-virus program is ESET NOD32 Antivirus - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product, following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Step 1.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Right-click WVCheck.exe and select Run as administrator... to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 2.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  • Please download this tool from Microsoft and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click "Run" again and then click "Continue".
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 3.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of scan report created after WVCheck run
  3. Contents of scan report created after MGADiag run
  4. Contents of CKFiles.txt log file

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
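
The two observations in the post above (Vista still at Service Pack 1, no anti-virus product listed), together with its one-active-antivirus rule, can be checked mechanically from a DDS log header. This is an added example, not part of the thread and not code from DDS or any tool named here; the `AV:` and `FW:` line labels, the finding names and the sample headers are assumptions modeled on the `SP:` line in the DDS header of the first post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Vista build numbers: 6000 = RTM, 6001 = Service Pack 1, 6002 = Service Pack 2.
VISTA_BUILD_TO_SP = {6000: 0, 6001: 1, 6002: 2}
MIN_SUPPORTED_SP = 2  # the post states that SP1 support ended on July 12, 2011

# "... Windows Vista ... 6.0.6001.1.1252..." -> capture the build (third field).
OS_LINE = re.compile(r"Windows\s+Vista.*?\b\d+\.\d+\.(\d{4})\.")
# "SP: Windows Defender *Enabled/Updated* {GUID}"; AV:/FW: labels are assumed.
PRODUCT_LINE = re.compile(
    r"^(AV|SP|FW):[ \t]+(.+?)[ \t]+\*(Enabled|Disabled)(?:/(\w+))?\*",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Product:
    kind: str                 # "AV", "SP" (anti-spyware) or "FW"
    name: str
    enabled: bool
    updated: Optional[bool]   # None when the line reports no update state


def parse_header(log_text: str) -> Tuple[Optional[int], List[Product]]:
    """Return (Vista build or None, security products) from a DDS header."""
    # Only the part before the first "=====" section banner is the header.
    header = log_text.split("=====", 1)[0]
    match = OS_LINE.search(header)
    build = int(match.group(1)) if match else None
    products = [
        Product(kind, name.strip(), state == "Enabled",
                (upd == "Updated") if upd else None)
        for kind, name, state, upd in PRODUCT_LINE.findall(header)
    ]
    return build, products


def assess(log_text: str) -> List[str]:
    """Return finding codes (hypothetical names) for the checks in the post."""
    build, products = parse_header(log_text)
    findings = []
    if build is None:
        findings.append("os-version-not-found")
    elif build not in VISTA_BUILD_TO_SP:
        findings.append("unknown-build")
    elif VISTA_BUILD_TO_SP[build] < MIN_SUPPORTED_SP:
        findings.append("unsupported-service-pack")

    av = [p for p in products if p.kind == "AV"]
    if not av:
        findings.append("no-antivirus-registered")
    elif not any(p.enabled for p in av):
        findings.append("antivirus-disabled")
    elif not any(p.enabled and p.updated for p in av):
        findings.append("antivirus-outdated")
    # The post recommends running only one antivirus program at a time.
    if sum(1 for p in av if p.enabled) > 1:
        findings.append("multiple-antivirus-active")
    return findings


# Constructed sample: header lines as in the first post, trademark signs dropped.
THREAD_HEADER = "\n".join([
    "DDS (Ver_2011-08-26.01) - NTFSx86",
    "Internet Explorer: 7.0.6001.18000",
    "Microsoft Windows Vista Home Premium 6.0.6001.1.1252.2.1033.18.2558.1126 [GMT -5:00]",
    ".",
    "SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    ".",
    "============== Running Processes ===============",
])

# Constructed sample: same machine after SP2 and one AV (placeholder GUID).
PATCHED_HEADER = "\n".join([
    "Microsoft Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.2558.1126 [GMT -5:00]",
    "AV: avast! Antivirus *Enabled/Updated* {00000000-0000-0000-0000-000000000000}",
    "SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    "============== Running Processes ===============",
])

# Constructed sample: two resident AV products active at once.
TWO_AV_HEADER = PATCHED_HEADER.replace(
    "SP: Windows Defender",
    "AV: Example AV *Enabled/Updated* {00000000-0000-0000-0000-000000000001}\n"
    "SP: Windows Defender",
)

if __name__ == "__main__":
    for label, text in [("thread", THREAD_HEADER), ("patched", PATCHED_HEADER),
                        ("two-av", TWO_AV_HEADER)]:
        print(label, assess(text))
```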

Re: Key logger's are a pain.

Unread postby qqonlife » January 22nd, 2012, 10:21 pm

Hi again pgmigg, I think I understood everything clearly. The only thing is with the service pack stuff: are you going to guide me through that, or am I going to have to figure it out alone? Here is the stuff you wanted in reply.

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1844_22-01-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-01-22 16:29:30
Last Success Time for Update Download: 2012-01-22 16:29:51
Last Success Time for Update Installation: 2012-01-22 08:04:53


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 21/1/2012 13:43:31
Modification; 11/4/2009 2:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 21:25:0
Modification; 20/1/2008 21:25:0
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 21:25:0
Modification; 20/1/2008 21:25:0
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b974d9f06dc7d1908e825dc201681269


-------- End of File, program close at 1847_22-01-2012 --------

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-VYG3W-YG4FK-2CXRF
Windows Product Key Hash: +l2pniy0UJ1X2DsDVaxQKWHW+Ow=
Windows Product ID: 89578-OEM-7332157-00026
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {08F60C13-9B27-457F-A40F-637324AF7881}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Users\Logan King\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{08F60C13-9B27-457F-A40F-637324AF7881}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2CXRF</PKey><PID>89578-OEM-7332157-00026</PID><PIDType>2</PIDType><SID>S-1-5-21-3887121484-1993484394-3484393957</SID><SYSTEM><Manufacturer>alienware</Manufacturer><Model>alienware</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>C9313507018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ALWARE</OEMID><OEMTableID>ALIENWRE</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500026-02-4105-6001.0000-0182012
Installation ID: 021924423303244161786231326262349572861642048072621303
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 2CXRF
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAEAAQABAAAABAABAAEAeqjU18CETB+OZpIAqtMa9vL0CtaMOvYZrFbvbswx

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALWARE ALIENWRE
FACP ALWARE ALIENWRE
HPET ALWARE ALIENWRE
MCFG ALWARE ALIENWRE
WDRT ALWARE ALIENWRE
SLIC ALWARE ALIENWRE

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.BNEMBF
----- EOF -----
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm

Re: Key logger's are a pain.

Unread postby qqonlife » January 22nd, 2012, 10:21 pm

Oh my, ended up being a triple post, so sorry about that :P I got impatient with it submitting.
Last edited by qqonlife on January 22nd, 2012, 10:24 pm, edited 1 time in total.
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm

Re: Key logger's are a pain.

Unread postby qqonlife » January 22nd, 2012, 10:21 pm

Double post sorry.
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm

Re: Key logger's are a pain.

Unread postby pgmigg » January 23rd, 2012, 2:18 pm

Hello qqonlife,
"I think I understood everything clearly. The only thing is with the service pack stuff: are you going to guide me through that, or am I going to have to figure it out alone?"
I will explain to you how to install SP2 later, when I am sure that the computer is clean.

Now I would like to ask you to install one of the suggested AntiVirus programs.

After that please run a few additional scans:

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. pgmigg.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of OTL.txt log file
  4. Contents of Extras.txt log file

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Key logger's are a pain.

Unread postby qqonlife » January 24th, 2012, 1:41 pm

Sorry for the not so speedy reply. There must be something still on my machine, as my accounts were changed again, including these ones. Got them back so I could keep going with this process though.

The first thing came up clean, no threats found.


Here are the logs for the OTL:

OTL logfile created on: 24/01/2012 12:25:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Logan King\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.50 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 67.68% Memory free
5.21 Gb Paging File | 3.95 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 690.25 Gb Total Space | 563.55 Gb Free Space | 81.65% Space Free | Partition Type: NTFS
Drive D: | 91.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LOGANKING-PC | User Name: Logan King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 12:19:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Logan King\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2009/05/11 18:46:04 | 001,348,144 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/09/06 22:46:26 | 000,761,279 | ---- | M] () -- C:\Program Files\ReaConverter 6.5 Standard\context.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 08:52:18 | 000,724,992 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/01/25 19:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/01/25 19:02:04 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/11/17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/15 10:52:18 | 000,143,256 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mv61xx.sys -- (mv61xx)
DRV - [2007/04/11 23:18:34 | 000,048,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/12/28 18:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2006/02/07 18:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgogo.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Logan King\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Logan King\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Logan King\AppData\Local\Google\Chrome\Application\17.0.963.38\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Logan King\AppData\Local\Google\Chrome\Application\17.0.963.38\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Logan King\AppData\Local\Google\Chrome\Application\17.0.963.38\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Logan King\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Logan King\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Logan King\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Logan King\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F9BBF7A-BAFE-4D9B-AEDC-D6DB3D6666AA}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 09:42:48 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{cab5d9fe-4247-11e1-a685-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cab5d9fe-4247-11e1-a685-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- [2009/05/14 05:09:58 | 000,020,096 | R--- | M] (Cisco Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 12:19:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Logan King\Desktop\OTL.exe
[2012/01/23 21:25:51 | 000,000,000 | ---D | C] -- C:\Users\Logan King\Desktop\New Folder (2)
[2012/01/23 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Skype
[2012/01/23 16:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/23 16:32:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/23 16:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/01/23 15:58:13 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Logan King\Desktop\tdsskiller.exe
[2012/01/22 18:56:33 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/01/22 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/01/22 18:47:30 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Logan King\Desktop\MGADiag.exe
[2012/01/22 17:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/22 17:28:53 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/22 17:28:53 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/22 17:28:48 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/22 17:28:47 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/22 17:28:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/22 17:28:45 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/22 17:27:19 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/22 17:27:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/22 17:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/22 17:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/22 03:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/20 15:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ReaConverter
[2012/01/20 15:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReaConverter 6.5 Standard
[2012/01/20 15:23:20 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\RCP 6
[2012/01/20 15:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\ReaConverter 6.5 Standard
[2012/01/20 08:11:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/20 03:01:35 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/01/20 03:01:35 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/01/20 03:01:35 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/01/20 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/01/19 18:57:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/01/19 12:14:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Logan King\Desktop\dds.scr
[2012/01/19 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/19 04:36:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/01/19 04:36:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/01/19 04:22:54 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/19 04:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/19 04:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/19 04:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/01/19 04:20:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/19 04:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/19 04:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/01/19 03:49:38 | 000,000,000 | ---D | C] -- C:\Users\Logan King\Desktop\New Folder
[2012/01/19 03:37:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2012/01/19 03:37:44 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2012/01/19 03:37:44 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2012/01/19 03:37:43 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2012/01/19 03:37:43 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2012/01/19 03:37:43 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2012/01/19 03:37:43 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/01/19 03:37:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2012/01/19 03:37:43 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2012/01/19 03:37:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2012/01/19 03:37:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2012/01/19 03:37:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/01/19 03:37:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2012/01/19 03:37:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2012/01/19 03:37:43 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/01/19 03:37:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2012/01/19 03:37:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2012/01/19 03:37:43 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2012/01/19 03:37:42 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/01/19 03:37:42 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/01/19 03:37:42 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/01/19 03:37:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/01/19 03:37:42 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/01/19 03:33:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/01/19 03:33:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/01/19 03:33:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/01/19 03:33:27 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/01/19 03:14:02 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2012/01/19 03:14:01 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2012/01/19 03:14:01 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/01/19 03:14:01 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2012/01/19 03:14:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2012/01/19 03:14:00 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2012/01/19 03:07:22 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/01/19 03:07:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/01/19 03:05:11 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/01/19 03:03:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/01/19 03:02:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2012/01/19 03:02:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2012/01/19 03:02:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2012/01/19 03:02:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2012/01/19 03:02:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2012/01/19 03:02:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2012/01/19 03:02:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2012/01/19 03:02:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2012/01/19 03:02:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2012/01/19 03:02:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2012/01/19 03:02:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2012/01/19 03:01:54 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2012/01/19 03:01:54 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2012/01/19 03:01:54 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2012/01/19 03:01:54 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2012/01/19 03:01:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2012/01/19 02:29:30 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Malwarebytes
[2012/01/19 02:29:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/19 02:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 02:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/19 02:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/19 02:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/19 02:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/19 02:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/19 01:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/19 01:34:37 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/19 00:45:52 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/01/19 00:45:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/01/19 00:35:07 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2012/01/18 23:27:22 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2012/01/18 23:27:17 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2012/01/18 23:27:01 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/01/18 23:21:09 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/01/18 23:20:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/01/18 23:20:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/01/18 23:20:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/01/18 23:20:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/01/18 23:20:20 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/01/18 23:20:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/01/18 23:20:13 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/01/18 23:20:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/01/18 23:20:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/01/18 23:20:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/01/18 23:20:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/01/18 23:20:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/01/18 23:19:36 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/18 23:19:34 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/01/18 23:19:34 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/18 23:19:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/18 23:19:34 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/18 23:19:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/18 23:19:33 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/18 23:19:33 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/18 23:19:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/18 23:19:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2012/01/18 23:19:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/18 23:19:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/18 23:19:14 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/01/18 23:19:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/01/18 23:19:14 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/01/18 23:19:01 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/01/18 23:19:01 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/01/18 23:18:55 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/01/18 23:18:55 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/01/18 23:18:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/01/18 23:18:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2012/01/18 23:18:44 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/01/18 23:18:44 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/01/18 23:18:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/01/18 23:18:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/01/18 23:18:17 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012/01/18 23:18:17 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2012/01/18 23:18:11 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/01/18 23:18:07 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/01/18 23:17:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/01/18 23:17:32 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/01/18 23:17:15 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/01/18 23:17:08 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/01/18 23:17:00 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/01/18 23:16:26 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/01/18 23:16:26 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/01/18 23:16:22 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/01/18 23:16:07 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/01/18 23:16:07 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/01/18 23:16:07 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2012/01/18 23:16:06 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/01/18 23:16:06 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/01/18 23:16:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2012/01/18 23:16:05 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012/01/18 23:16:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2012/01/18 23:16:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2012/01/18 23:15:43 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/01/18 23:15:40 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/01/18 23:15:31 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/01/18 23:15:31 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012/01/18 23:15:31 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/01/18 23:15:31 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012/01/18 23:15:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012/01/18 23:15:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/01/18 23:15:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2012/01/18 23:15:26 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/18 23:15:24 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/01/18 23:15:24 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/01/18 23:15:24 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/01/18 23:15:24 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/01/18 23:15:21 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/01/18 23:15:17 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/18 23:15:17 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/01/18 23:14:58 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/01/18 23:14:57 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/01/18 23:14:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/01/18 23:14:52 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/01/18 23:14:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/01/18 23:13:57 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/01/18 23:13:56 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/01/18 23:13:49 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2012/01/18 23:13:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2012/01/18 23:13:47 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012/01/18 23:13:44 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/01/18 23:13:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/01/18 23:13:41 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2012/01/18 23:13:41 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2012/01/18 23:13:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2012/01/18 23:13:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2012/01/18 23:13:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2012/01/18 23:13:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/01/18 23:13:25 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/01/18 23:13:25 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/01/18 23:13:25 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/01/18 23:13:25 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/01/18 23:13:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/01/18 23:13:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/01/18 23:13:24 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/01/18 23:13:24 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/01/18 23:13:24 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/01/18 23:13:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2012/01/18 23:13:11 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/01/18 23:13:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/01/18 23:13:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2012/01/18 23:12:57 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/01/18 22:58:54 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\WinRAR
[2012/01/18 22:58:54 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/18 22:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/18 22:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/18 22:58:04 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/01/18 22:58:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/01/18 22:58:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/01/18 22:58:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/01/18 22:47:03 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/18 22:43:23 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Macromedia
[2012/01/18 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Adobe
[2012/01/18 22:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/01/18 22:38:48 | 003,693,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/01/18 22:38:48 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012/01/18 22:38:48 | 002,557,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/01/18 22:38:48 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/01/18 22:38:48 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/01/18 22:38:47 | 000,543,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2012/01/18 22:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/01/18 22:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/18 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/18 22:30:54 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Local\Google
[2012/01/18 22:30:25 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Local\Apps
[2012/01/18 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Local\Deployment
[2012/01/18 22:29:10 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/01/18 22:29:09 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/01/18 22:28:53 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/01/18 22:28:53 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/01/18 22:28:53 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/01/18 22:28:45 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/01/18 22:28:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/01/18 22:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys Wireless Manager
[2012/01/18 22:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/01/18 22:27:17 | 000,024,880 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\pnarp.sys
[2012/01/18 22:27:09 | 000,026,416 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\purendis.sys
[2012/01/18 22:27:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/01/18 22:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/01/18 22:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/01/18 22:26:02 | 000,724,992 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
[2012/01/18 22:25:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/01/18 22:19:18 | 000,000,000 | R--D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/18 22:19:18 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Searches
[2012/01/18 22:19:18 | 000,000,000 | R--D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/18 22:19:09 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Identities
[2012/01/18 22:19:06 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Contacts
[2012/01/18 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Local\VirtualStore
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\AppData\Local\Temporary Internet Files
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Templates
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Start Menu
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\SendTo
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Recent
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\PrintHood
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\NetHood
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Documents\My Videos
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Documents\My Pictures
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Documents\My Music
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\My Documents
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Local Settings
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\AppData\Local\History
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Cookies
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\Application Data
[2012/01/18 22:19:00 | 000,000,000 | -HSD | C] -- C:\Users\Logan King\AppData\Local\Application Data
[2012/01/18 22:19:00 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Local\Temp
[2012/01/18 22:19:00 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Local\Microsoft
[2012/01/18 22:19:00 | 000,000,000 | ---D | C] -- C:\Users\Logan King\AppData\Roaming\Media Center Programs
[2012/01/18 22:18:59 | 000,000,000 | --SD | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Videos
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Saved Games
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Pictures
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Music
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Links
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Favorites
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Downloads
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Documents
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\Desktop
[2012/01/18 22:18:59 | 000,000,000 | R--D | C] -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/18 22:18:59 | 000,000,000 | -H-D | C] -- C:\Users\Logan King\AppData
[2012/01/18 22:07:05 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/01/18 21:59:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/01/18 21:46:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2012/01/24 12:19:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Logan King\Desktop\OTL.exe
[2012/01/24 11:42:22 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/24 11:42:22 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/24 11:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 08:35:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3887121484-1993484394-3484393957-1000UA.job
[2012/01/24 08:15:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 08:15:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 22:35:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3887121484-1993484394-3484393957-1000Core.job
[2012/01/23 21:25:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/01/23 16:32:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/23 15:58:21 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Logan King\Desktop\tdsskiller.exe
[2012/01/22 20:02:54 | 000,458,240 | ---- | M] () -- C:\Users\Logan King\Desktop\CKScanner.exe
[2012/01/22 18:47:34 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Logan King\Desktop\MGADiag.exe
[2012/01/22 18:44:09 | 003,514,358 | ---- | M] () -- C:\Users\Logan King\Desktop\WVCheck.exe
[2012/01/22 17:31:09 | 000,002,163 | ---- | M] () -- C:\Users\Logan King\Desktop\Google Chrome (Sneaky).lnk
[2012/01/22 17:31:09 | 000,002,155 | ---- | M] () -- C:\Users\Logan King\Desktop\Google Chrome (First user).lnk
[2012/01/22 17:28:54 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/22 17:28:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/20 15:32:34 | 001,149,128 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0044.jpg
[2012/01/20 15:32:23 | 000,938,964 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0045.jpg
[2012/01/20 15:32:14 | 000,221,095 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0025.jpg
[2012/01/20 15:30:59 | 000,295,117 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0022.jpg
[2012/01/20 15:29:47 | 000,226,498 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0020.jpg
[2012/01/20 15:29:13 | 000,200,902 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0010.jpg
[2012/01/20 15:28:47 | 000,246,814 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0008.jpg
[2012/01/20 15:27:31 | 000,422,345 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0021.jpg
[2012/01/20 15:25:58 | 000,997,983 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0043.jpg
[2012/01/20 15:24:09 | 000,215,013 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0024.jpg
[2012/01/20 15:23:21 | 000,000,861 | ---- | M] () -- C:\Users\Logan King\Desktop\ReaConverter 6.5 Standard.lnk
[2012/01/20 15:21:08 | 004,991,936 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0024.NEF
[2012/01/20 15:21:04 | 021,929,101 | ---- | M] () -- C:\Users\Logan King\Desktop\arg.zip
[2012/01/20 15:20:56 | 005,024,171 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0025.NEF
[2012/01/20 15:20:54 | 004,761,101 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0043.NEF
[2012/01/20 15:20:54 | 004,693,067 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0026.NEF
[2012/01/20 15:20:52 | 004,910,757 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0045.NEF
[2012/01/20 15:20:52 | 004,751,288 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0044.NEF
[2012/01/20 15:20:45 | 023,373,744 | ---- | M] () -- C:\Users\Logan King\Desktop\asdfghj.zip
[2012/01/20 15:20:36 | 005,202,695 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0020.NEF
[2012/01/20 15:20:36 | 005,042,442 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0008.NEF
[2012/01/20 15:20:34 | 005,177,245 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0021.NEF
[2012/01/20 15:20:34 | 004,799,222 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0022.NEF
[2012/01/20 15:20:32 | 004,879,928 | ---- | M] () -- C:\Users\Logan King\Desktop\DSC_0010.NEF
[2012/01/20 08:11:40 | 277,637,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/20 08:10:43 | 2682,822,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/20 03:22:59 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/19 12:14:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Logan King\Desktop\dds.scr
[2012/01/19 04:22:57 | 000,001,800 | ---- | M] () -- C:\Users\Logan King\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/19 02:29:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 02:03:14 | 000,001,055 | ---- | M] () -- C:\Users\Logan King\Desktop\Spybot - Search & Destroy.lnk
[2012/01/19 00:45:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/18 23:13:55 | 000,000,680 | ---- | M] () -- C:\Users\Logan King\AppData\Local\d3d9caps.dat
[2012/01/18 22:55:45 | 000,000,552 | ---- | M] () -- C:\Users\Logan King\AppData\Local\d3d8caps.dat
[2012/01/18 22:51:45 | 000,000,938 | ---- | M] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/18 22:51:02 | 000,003,584 | ---- | M] () -- C:\Users\Logan King\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 22:31:32 | 000,002,029 | ---- | M] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/18 22:28:50 | 000,000,943 | ---- | M] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/18 22:16:11 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/01/01 23:00:28 | 000,460,824 | ---- | M] () -- C:\img1-001.raw

========== Files Created - No Company Name ==========

[2012/01/23 21:25:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/01/23 16:32:36 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/22 20:02:52 | 000,458,240 | ---- | C] () -- C:\Users\Logan King\Desktop\CKScanner.exe
[2012/01/22 18:44:03 | 003,514,358 | ---- | C] () -- C:\Users\Logan King\Desktop\WVCheck.exe
[2012/01/22 17:31:09 | 000,002,163 | ---- | C] () -- C:\Users\Logan King\Desktop\Google Chrome (Sneaky).lnk
[2012/01/22 17:28:54 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/20 15:32:34 | 001,149,128 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0044.jpg
[2012/01/20 15:32:23 | 000,938,964 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0045.jpg
[2012/01/20 15:32:14 | 000,221,095 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0025.jpg
[2012/01/20 15:30:59 | 000,295,117 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0022.jpg
[2012/01/20 15:29:47 | 000,226,498 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0020.jpg
[2012/01/20 15:29:13 | 000,200,902 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0010.jpg
[2012/01/20 15:28:47 | 000,246,814 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0008.jpg
[2012/01/20 15:27:31 | 000,422,345 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0021.jpg
[2012/01/20 15:25:58 | 000,997,983 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0043.jpg
[2012/01/20 15:25:27 | 005,202,695 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0020.NEF
[2012/01/20 15:25:27 | 005,177,245 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0021.NEF
[2012/01/20 15:25:27 | 005,042,442 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0008.NEF
[2012/01/20 15:25:27 | 004,879,928 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0010.NEF
[2012/01/20 15:25:27 | 004,799,222 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0022.NEF
[2012/01/20 15:25:23 | 005,024,171 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0025.NEF
[2012/01/20 15:25:23 | 004,761,101 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0043.NEF
[2012/01/20 15:25:23 | 004,693,067 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0026.NEF
[2012/01/20 15:25:22 | 004,910,757 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0045.NEF
[2012/01/20 15:25:22 | 004,751,288 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0044.NEF
[2012/01/20 15:24:03 | 000,215,013 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0024.jpg
[2012/01/20 15:23:21 | 000,000,861 | ---- | C] () -- C:\Users\Logan King\Desktop\ReaConverter 6.5 Standard.lnk
[2012/01/20 15:20:59 | 004,991,936 | ---- | C] () -- C:\Users\Logan King\Desktop\DSC_0024.NEF
[2012/01/20 15:20:53 | 021,929,101 | ---- | C] () -- C:\Users\Logan King\Desktop\arg.zip
[2012/01/20 15:20:34 | 023,373,744 | ---- | C] () -- C:\Users\Logan King\Desktop\asdfghj.zip
[2012/01/20 08:10:56 | 277,637,311 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/19 04:29:51 | 2682,822,656 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/19 04:22:57 | 000,001,800 | ---- | C] () -- C:\Users\Logan King\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/19 03:37:45 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/19 03:37:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/01/19 03:37:43 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012/01/19 03:01:57 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/01/19 03:01:57 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/01/19 03:01:57 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/01/19 02:29:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 02:03:14 | 000,001,055 | ---- | C] () -- C:\Users\Logan King\Desktop\Spybot - Search & Destroy.lnk
[2012/01/18 23:19:16 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/01/18 22:55:45 | 000,000,552 | ---- | C] () -- C:\Users\Logan King\AppData\Local\d3d8caps.dat
[2012/01/18 22:51:45 | 000,000,938 | ---- | C] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/18 22:51:01 | 000,003,584 | ---- | C] () -- C:\Users\Logan King\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 22:31:32 | 000,002,155 | ---- | C] () -- C:\Users\Logan King\Desktop\Google Chrome (First user).lnk
[2012/01/18 22:31:32 | 000,002,029 | ---- | C] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/18 22:30:56 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3887121484-1993484394-3484393957-1000UA.job
[2012/01/18 22:30:54 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3887121484-1993484394-3484393957-1000Core.job
[2012/01/18 22:28:50 | 000,000,943 | ---- | C] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/18 22:19:19 | 000,000,949 | ---- | C] () -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/18 22:19:18 | 000,000,944 | ---- | C] () -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/18 22:19:06 | 000,000,915 | ---- | C] () -- C:\Users\Logan King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/18 22:19:02 | 000,000,680 | ---- | C] () -- C:\Users\Logan King\AppData\Local\d3d9caps.dat
[2012/01/18 22:19:00 | 000,000,258 | ---- | C] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/18 22:19:00 | 000,000,240 | ---- | C] () -- C:\Users\Logan King\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

OTL Extras logfile created on: 24/01/2012 12:25:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Logan King\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.50 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 67.68% Memory free
5.21 Gb Paging File | 3.95 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 690.25 Gb Total Space | 563.55 Gb Free Space | 81.65% Space Free | Partition Type: NTFS
Drive D: | 91.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LOGANKING-PC | User Name: Logan King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C327DD47-7749-42D6-83A5-D77A213F3CE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"avast" = avast! Free Antivirus
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ReaConverter 6.5 Standard_is1" = ReaConverter 6.5 Standard
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/01/2012 1:19:15 AM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/01/2012 1:19:16 AM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/01/2012 4:00:30 AM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/01/2012 4:00:30 AM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/01/2012 6:27:01 PM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/01/2012 6:27:02 PM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/01/2012 6:32:27 PM | Computer Name = LoganKing-PC | Source = Application Error | ID = 1000
Description = Faulting application nmctxth.exe, version 11.0.8268.0, time stamp
0x48dac830, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc,
exception code 0xc0000005, fault offset 0x00067f8c, process id 0xc8, application
start time 0x01ccd7776938f510.

Error - 22/01/2012 6:33:55 PM | Computer Name = LoganKing-PC | Source = Application Error | ID = 1000
Description = Faulting application nmctxth.exe, version 11.0.8268.0, time stamp
0x48dac830, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc,
exception code 0xc0000005, fault offset 0x0006a5a2, process id 0xc8, application
start time 0x01ccd7776938f510.

Error - 23/01/2012 4:00:41 AM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/01/2012 4:00:43 AM | Computer Name = LoganKing-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ System Events ]
Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/01/2012 5:26:56 AM | Computer Name = LoganKing-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19/01/2012 5:30:25 AM | Computer Name = LoganKing-PC | Source = HTTP | ID = 15016
Description =

Error - 20/01/2012 4:23:08 AM | Computer Name = LoganKing-PC | Source = HTTP | ID = 15016
Description =

Error - 20/01/2012 9:11:27 AM | Computer Name = LoganKing-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Thanks in advance.
qqonlife

Re: Key logger's are a pain.

Post by qqonlife » January 24th, 2012, 1:41 pm

Double post, sorry again.
qqonlife

Re: Key logger's are a pain.

Post by pgmigg » January 25th, 2012, 1:08 pm

Hello qqonlife,

Good job! I also appreciate your selection - AVAST is a good AV! :)
the first thing came up clean, No threats found.
But you did not post the log after you ran the TDSSKiller scan as I asked.
Please locate the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file, usually on your C:\ drive, and return here with the report. It is important for me to see the log even when it says 'No threats found'.

Then:

Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload the following file for scanning:

C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners... this may take a few minutes.
  6. When all scans have completed... the results page is displayed.
  7. Please highlight and copy the page web address link from your browser window.
  8. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners... this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed.
  6. Please highlight and copy the page web address link from your browser window.
  7. Paste the Web address link(s) for the scan results in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. The resulting web link after online file scan by either Jotti or Virus Total.

Thanks,
pgmigg

Re: Key logger's are a pain.

Post by qqonlife » January 26th, 2012, 4:41 pm

Sorry about missing the TDSS killer log last reply, I misread your instruction.

TDSS killer log

15:30:33.0479 1564 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
15:30:34.0045 1564 ============================================================
15:30:34.0045 1564 Current date / time: 2012/01/26 15:30:34.0045
15:30:34.0045 1564 SystemInfo:
15:30:34.0045 1564
15:30:34.0045 1564 OS Version: 6.0.6001 ServicePack: 1.0
15:30:34.0045 1564 Product type: Workstation
15:30:34.0045 1564 ComputerName: LOGANKING-PC
15:30:34.0046 1564 UserName: Logan King
15:30:34.0046 1564 Windows directory: C:\Windows
15:30:34.0046 1564 System windows directory: C:\Windows
15:30:34.0046 1564 Processor architecture: Intel x86
15:30:34.0046 1564 Number of processors: 4
15:30:34.0046 1564 Page size: 0x1000
15:30:34.0046 1564 Boot type: Normal boot
15:30:34.0046 1564 ============================================================
15:30:35.0948 1564 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:30:35.0971 1564 Initialize success
15:30:51.0751 2444 ============================================================
15:30:51.0751 2444 Scan started
15:30:51.0751 2444 Mode: Manual;
15:30:51.0751 2444 ============================================================
15:30:52.0656 2444 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
15:30:52.0662 2444 ACPI - ok
15:30:52.0700 2444 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:30:52.0707 2444 adp94xx - ok
15:30:52.0721 2444 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:30:52.0727 2444 adpahci - ok
15:30:52.0747 2444 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:30:52.0773 2444 adpu160m - ok
15:30:52.0797 2444 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:30:52.0801 2444 adpu320 - ok
15:30:52.0829 2444 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
15:30:52.0834 2444 AFD - ok
15:30:52.0853 2444 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:30:52.0856 2444 agp440 - ok
15:30:52.0907 2444 ahcix86s (67740f91b47434cc6173a35667a4ba66) C:\Windows\system32\drivers\ahcix86s.sys
15:30:52.0911 2444 ahcix86s - ok
15:30:52.0956 2444 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:30:52.0959 2444 aic78xx - ok
15:30:53.0005 2444 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:30:53.0007 2444 aliide - ok
15:30:53.0021 2444 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:30:53.0024 2444 amdagp - ok
15:30:53.0035 2444 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:30:53.0037 2444 amdide - ok
15:30:53.0049 2444 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:30:53.0050 2444 AmdK7 - ok
15:30:53.0064 2444 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:30:53.0074 2444 AmdK8 - ok
15:30:53.0099 2444 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:30:53.0101 2444 arc - ok
15:30:53.0125 2444 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:30:53.0128 2444 arcsas - ok
15:30:53.0164 2444 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
15:30:53.0166 2444 aswFsBlk - ok
15:30:53.0210 2444 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
15:30:53.0213 2444 aswMonFlt - ok
15:30:53.0230 2444 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
15:30:53.0232 2444 aswRdr - ok
15:30:53.0255 2444 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
15:30:53.0263 2444 aswSnx - ok
15:30:53.0298 2444 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
15:30:53.0305 2444 aswSP - ok
15:30:53.0333 2444 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
15:30:53.0336 2444 aswTdi - ok
15:30:53.0365 2444 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:30:53.0367 2444 AsyncMac - ok
15:30:53.0377 2444 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
15:30:53.0379 2444 atapi - ok
15:30:53.0448 2444 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:30:53.0450 2444 Beep - ok
15:30:53.0471 2444 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:30:53.0473 2444 blbdrive - ok
15:30:53.0519 2444 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
15:30:53.0522 2444 bowser - ok
15:30:53.0578 2444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:30:53.0580 2444 BrFiltLo - ok
15:30:53.0592 2444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:30:53.0594 2444 BrFiltUp - ok
15:30:53.0617 2444 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:30:53.0621 2444 Brserid - ok
15:30:53.0640 2444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:30:53.0642 2444 BrSerWdm - ok
15:30:53.0658 2444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:30:53.0659 2444 BrUsbMdm - ok
15:30:53.0669 2444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:30:53.0670 2444 BrUsbSer - ok
15:30:53.0681 2444 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:30:53.0685 2444 BTHMODEM - ok
15:30:53.0697 2444 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:30:53.0700 2444 cdfs - ok
15:30:53.0750 2444 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
15:30:53.0753 2444 cdrom - ok
15:30:53.0772 2444 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:30:53.0774 2444 circlass - ok
15:30:53.0822 2444 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
15:30:53.0828 2444 CLFS - ok
15:30:53.0877 2444 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:30:53.0879 2444 cmdide - ok
15:30:53.0900 2444 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
15:30:53.0902 2444 Compbatt - ok
15:30:53.0915 2444 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:30:53.0916 2444 crcdisk - ok
15:30:53.0938 2444 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:30:53.0947 2444 Crusoe - ok
15:30:54.0000 2444 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
15:30:54.0003 2444 DfsC - ok
15:30:54.0060 2444 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
15:30:54.0069 2444 disk - ok
15:30:54.0133 2444 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:30:54.0134 2444 drmkaud - ok
15:30:54.0200 2444 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
15:30:54.0217 2444 DXGKrnl - ok
15:30:54.0265 2444 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:30:54.0269 2444 E1G60 - ok
15:30:54.0283 2444 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
15:30:54.0287 2444 Ecache - ok
15:30:54.0312 2444 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:30:54.0319 2444 elxstor - ok
15:30:54.0340 2444 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:30:54.0342 2444 ErrDev - ok
15:31:01.0572 2444 ============================================================
15:31:01.0572 2444 Scan finished
15:31:01.0572 2444 ============================================================
15:31:01.0580 4812 Detected object count: 0
15:31:01.0580 4812 Actual detected object count: 0
15:31:19.0754 3760 Deinitialize success

Virus Total link
https://www.virustotal.com/file/e3b0c44 ... 327610142/

Thanks
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm

Re: Key logger's are a pain.

Post by pgmigg » January 27th, 2012, 10:49 am

Hello qqonlife,

Thank you! :)

The logs are good and I would like to ask you to run one more scanner:

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Key logger's are a pain.

Post by qqonlife » January 29th, 2012, 1:12 pm

Hello Pgmigg, I am having trouble locating the log for the online scanner. I've looked everywhere and I can't find it.
It says no threats found, but I know you have to go over it. Sorry for the trouble; is there anywhere else it could be located?
qqonlife
Active Member
 
Posts: 9
Joined: January 19th, 2012, 1:33 pm

Re: Key logger's are a pain.

Post by pgmigg » January 30th, 2012, 1:02 pm

Hello qqonlife,

Thank you for your patience... :)

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware including any kind of Keylogging software.
Before I give you instructions how to keep your computer clean and secure, you need to take a few additional steps.

Step 0.
Now is the time to install the required Service Pack 2 for Windows Vista. I strongly advise you to go to
Learn how to install Windows Vista SP2 and install it. Then please install all required Windows Updates, including the newest version of Internet Explorer (v.9).

Step 1.
Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u2) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement".
  4. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please right-click on jre-7u2-windows-i586.exe and select "Run As Administrator..." to install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Update tab and UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image
    text box. Do not include the word Code
    Code: Select all
    :Commands
    [EMPTYTEMP]
    [CLEARRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
  1. Right click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00