Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Possible Browser Hijack

 
Tricktee5
Newbie


Joined: 12 Apr 2012
Last Visit: 13 Apr 2012
Posts: 7

Posted: Thu Apr 12, 2012 5:21 pm    Post subject: Possible Browser Hijack

I am having issues: sometimes when I search with Yahoo it directs me to www.happili.com. I looked it up and it says possible browser hijack and high security risk, so I am concerned. My computer will lag like it's bogged down when I only have one internet site up and no programs running. Please help! Below are the DDS files.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Teresa at 20:49:15 on 2012-04-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.894.133 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = About:Blank
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = About:Blank
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D250F-487C-433E-96CD-09EEF06BF543} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D250F-487C-433E-96CD-09EEF06BF543}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{220D6E7F-B58F-4369-8047-CEA0F424C479} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{A9994230-E886-4B16-A888-125C94719BEC} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{BAE510DC-8E73-437E-9031-91B59272C6EC} : DhcpNameServer = 192.168.2.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\system32\DRIVERS\b44amd64.sys --> C:\Windows\system32\DRIVERS\b44amd64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
RUnknown pavboot;pavboot; [x]
RUnknown TfFsMon;TfFsMon; [x]
RUnknown TfNetMon;TfNetMon; [x]
RUnknown TfSysMon;TfSysMon; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-4-7 17152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-13 00:24:52 -------- d-----w- C:\Users\Teresa\AppData\Local\{4D77F872-AFC2-4503-B622-DFF918A80262}
2012-04-12 07:05:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-12 07:05:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-12 07:01:16 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:01:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:01:15 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:01:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:01:13 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:01:13 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:01:13 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 11:56:12 -------- d-----w- C:\Users\Teresa\AppData\Local\{0B399025-6ACD-49AC-A8D7-69E2C91CF587}
2012-04-10 16:58:29 -------- d-----w- C:\Users\Teresa\AppData\Local\{DA9C4CA4-397B-465F-875C-10010B791E98}
2012-04-10 08:03:09 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A41AD94A-DF1D-4449-9D29-EAA06CA95EA5}\mpengine.dll
2012-04-10 02:50:52 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-04-10 02:50:04 -------- d--h--w- C:\Windows\AxInstSV
2012-04-10 02:30:50 -------- d-----w- C:\Users\Teresa\AppData\Roaming\TestApp
2012-04-10 02:11:23 -------- d-----w- C:\ProgramData\PC Tools
2012-04-10 02:01:02 66048 ----a-w- C:\Windows\SysWow64\VCLSMP50.bpl
2012-04-10 02:01:02 26624 ----a-w- C:\Windows\SysWow64\ssmenu.dll
2012-04-10 02:01:02 248832 ----a-w- C:\Windows\SysWow64\VCLX50.bpl
2012-04-10 02:01:02 2020864 ----a-w- C:\Windows\SysWow64\VCL50.bpl
2012-04-10 02:01:02 -------- d-s---w- C:\Program Files (x86)\Common Files\Teknum Systems
2012-04-10 02:01:00 -------- d-----w- C:\Program Files (x86)\HandyBits
2012-04-07 07:45:56 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-04-07 07:36:49 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-04-06 16:07:03 -------- d-----w- C:\Users\Teresa\AppData\Local\{AD6F1AED-9675-4BF9-B162-9BB4676759AA}
2012-04-05 13:57:32 -------- d-----w- C:\Users\Teresa\AppData\Local\{78E85A5A-1287-4CB4-B841-42878677D3EF}
2012-04-05 01:56:51 -------- d-----w- C:\Users\Teresa\AppData\Local\{EC24162E-91CA-4DE2-930E-BA6CB8050405}
2012-04-04 02:30:18 -------- d-----w- C:\Users\Teresa\AppData\Local\{9CBE703F-3989-4690-A07B-30BA5A26DBC6}
2012-04-03 14:29:23 -------- d-----w- C:\Users\Teresa\AppData\Local\{E4D02546-13A0-41C4-BBC9-1865ADF5BEE5}
2012-04-01 22:23:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 20:23:40 -------- d-----w- C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26}
2012-04-01 13:58:20 -------- dc----w- C:\Program Files\iPod
2012-04-01 13:58:01 -------- dc----w- C:\Program Files\iTunes
2012-04-01 13:58:01 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-31 16:15:38 -------- d-----w- C:\Users\Teresa\AppData\Local\{CD6116BF-BFCB-4EFC-AE81-BE44DF23527E}
2012-03-31 03:43:13 -------- d-----w- C:\Users\Teresa\AppData\Local\{8D6EB9D7-26D9-4B58-B0A4-7A00C6D6A8CF}
2012-03-30 12:26:54 -------- d-----w- C:\Users\Teresa\AppData\Local\{0A364303-91B1-48BF-B1AD-12CB7183771C}
2012-03-29 18:08:59 -------- d-----w- C:\Users\Teresa\AppData\Local\{89623324-D14D-429B-97F9-6A9AF6A26F4A}
2012-03-28 11:59:06 -------- d-----w- C:\Users\Teresa\AppData\Local\{9B49BCDA-0880-4097-B66B-92EC4A012243}
2012-03-28 11:58:43 -------- d-----w- C:\Users\Teresa\AppData\Local\{515C3694-5BE4-4EB8-864E-48B0A5D4EA8A}
2012-03-27 17:00:05 -------- d-----w- C:\Users\Teresa\AppData\Local\{36454EB4-ED6A-46D3-8546-4DE7ED2599B7}
2012-03-27 16:59:32 -------- d-----w- C:\Users\Teresa\AppData\Local\{4BB0433B-6721-4049-8CA0-5B81282A2A26}
2012-03-24 19:46:26 -------- d-----w- C:\Users\Teresa\AppData\Local\{0B03C821-E7BD-441A-BB5D-A761791D0900}
2012-03-24 19:45:59 -------- d-----w- C:\Users\Teresa\AppData\Local\{8E8F0DAB-0D01-440F-A753-771748CBD331}
2012-03-23 13:27:52 -------- d-----w- C:\Users\Teresa\AppData\Local\{822FE4C8-E736-49FD-9AB1-E63454DA051E}
2012-03-23 13:27:41 -------- d-----w- C:\Users\Teresa\AppData\Local\{E2CCA611-7C32-45BC-A937-FA69351CA14D}
2012-03-22 16:54:18 -------- d-----w- C:\Users\Teresa\AppData\Local\{B9A850CC-85FA-4E49-AED6-8D6D823B3B75}
2012-03-22 16:54:01 -------- d-----w- C:\Users\Teresa\AppData\Local\{DDF3FE70-20DA-4847-A465-A4CD8C46300B}
2012-03-21 14:35:05 -------- d-----w- C:\Users\Teresa\AppData\Local\{5FBC8A84-33C4-46A9-868D-B8B9359835AB}
2012-03-21 14:34:53 -------- d-----w- C:\Users\Teresa\AppData\Local\{7D9BEF4D-E181-4C8C-B8BF-C0BCDA12065E}
2012-03-21 00:20:29 -------- d-----w- C:\Users\Teresa\AppData\Local\{E45F15FE-9FC4-4266-B36D-25BE191240C7}
2012-03-21 00:20:06 -------- d-----w- C:\Users\Teresa\AppData\Local\{93E558A7-E22D-43DC-9984-653CE8209C77}
2012-03-20 12:19:36 -------- d-----w- C:\Users\Teresa\AppData\Local\{A0613BB3-5D9C-4DC6-9FD7-17CF921AED1D}
2012-03-20 12:19:07 -------- d-----w- C:\Users\Teresa\AppData\Local\{B2332FC8-6859-4599-8287-642E130243B7}
2012-03-19 23:52:34 -------- d-----w- C:\Users\Teresa\AppData\Local\{2417399D-BA05-4931-B231-BF8E26888C91}
2012-03-19 23:52:08 -------- d-----w- C:\Users\Teresa\AppData\Local\{E449448F-42EE-44F4-A023-BD18A6EA5DB3}
2012-03-19 02:57:07 -------- d-----w- C:\Users\Teresa\AppData\Local\{5B6CA200-D763-475A-BAB5-8E8424B64962}
2012-03-19 02:56:42 -------- d-----w- C:\Users\Teresa\AppData\Local\{C81DF2C0-2851-4041-ACA5-E83EC81B3651}
2012-03-18 14:46:06 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 14:46:06 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 14:43:50 -------- d-----w- C:\Users\Teresa\AppData\Local\{A09DAAC4-63A4-406C-875F-3FBAC30847B2}
2012-03-18 14:43:24 -------- d-----w- C:\Users\Teresa\AppData\Local\{A3F829D0-A69B-4230-9096-0490609D9670}
2012-03-17 04:01:39 -------- d-----w- C:\Users\Teresa\AppData\Local\{FBE30D19-C5AC-48BD-B862-E97A2C0F6F86}
2012-03-17 04:01:14 -------- d-----w- C:\Users\Teresa\AppData\Local\{E8EAE1B0-F31C-49D6-A725-1EF80A0AEB50}
2012-03-16 13:05:51 -------- d-----w- C:\Users\Teresa\AppData\Local\{6270DA54-58E6-4FC2-A52C-6B971C0AB0F4}
2012-03-16 13:05:16 -------- d-----w- C:\Users\Teresa\AppData\Local\{AEA34216-A47A-4DD1-AE44-BA1FE240FDAB}
2012-03-16 00:52:38 -------- d-----w- C:\Users\Teresa\AppData\Local\{5814EAC2-A245-4834-B10A-BA23E6C02EA6}
2012-03-16 00:52:13 -------- d-----w- C:\Users\Teresa\AppData\Local\{3952C767-65E4-479F-AE57-9989CE1FCD4D}
2012-03-15 12:51:45 -------- d-----w- C:\Users\Teresa\AppData\Local\{321E46AE-A73B-4255-8164-61CB30BDD0D2}
2012-03-15 12:51:17 -------- d-----w- C:\Users\Teresa\AppData\Local\{E76632FB-DE55-4603-9D00-CE9A13AF2B3C}
2012-03-14 23:21:14 -------- d-----w- C:\Users\Teresa\AppData\Local\{8E6F9A15-5E12-420F-8E5B-B62E057F0493}
2012-03-14 23:21:03 -------- d-----w- C:\Users\Teresa\AppData\Local\{E4AD7413-2920-45DC-86EC-60DB392EDBF3}
2012-03-14 11:20:35 -------- d-----w- C:\Users\Teresa\AppData\Local\{50FCA7E7-2D98-4AEA-9D87-E047C5E149D1}
2012-03-14 11:20:13 -------- d-----w- C:\Users\Teresa\AppData\Local\{E49B5EDD-5C65-4CD8-B775-58B64A282AEB}
.
==================== Find3M ====================
.
2012-04-07 07:41:31 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-01 22:23:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:50:08.58 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2010 10:49:47 PM
System Uptime: 4/12/2012 7:31:10 AM (13 hours ago)
.
Motherboard: Dell Inc. | | Inspiron 1501
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 108 GiB total, 68.88 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP327: 4/10/2012 4:02:07 AM - Windows Update
RP328: 4/12/2012 3:00:14 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22beta
Ad-Aware
Adobe Bridge 1.0
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Software Update
Coupon Printer for Windows
D3DX10
Facebook Video Calling 1.2.0.159
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
iConcepts Music Express
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
OpenOffice.org 3.3
QuickTime
RICOH R5C83x/84x Media Driver Ver.3.53.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Smilebox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 10:55:42 PM, Error: Service Control Manager [7000] - The RkPavproc1 service failed to start due to the following error: This driver has been blocked from loading
4/9/2012 10:55:42 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/9/2012 10:14:51 PM, Error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
4/9/2012 10:13:26 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/7/2012 3:31:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/7/2012 3:31:20 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2012 3:31:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/7/2012 3:30:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
4/12/2012 7:33:08 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/12/2012 7:33:08 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 May 2013
Posts: 9697
Location: Yorkshire

Posted: Fri Apr 13, 2012 5:17 am    Post subject:

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Posted: Fri Apr 13, 2012 5:26 am    Post subject:

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Tricktee5

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows 7, it will be necessary to right-click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Not a lot serious showing in your DDS logs, so I'll need you to run a couple of additional scans for me .....

First

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Change parameters

    • Check Detect TDLFS file system
    • Click OK

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Summary of the logs I need from you in your next post:

  • TDSSKiller log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
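
An added example, not part of the original thread and not code from the helper or the tool's vendor: one way to triage a TDSSKiller report of the kind requested above, listing every scanned object whose result is not `ok` and every object whose result line is missing (the "cut off" case the post warns about). It assumes the line layout seen in the report posted in this thread (`<time> <thread id> <name> (<md5>) <path>` followed by `<time> <thread id> <name> - <result>`); `triage`, `SAMPLE_LOG`, the `ExampleDrv` and `ExampleSvc` entries and the non-`ok` result string are constructed for illustration.

```python
import re

# Every report line starts with "<hh:mm:ss.ffff> <thread id> ".
TS = r"\d{2}:\d{2}:\d{2}\.\d{4} \d+ "

# Object line: "<ts><name> (<32-hex md5>) <path>"
# The name is matched lazily so that "(x86)" inside the path is not
# mistaken for the hash group.
OBJECT_RE = re.compile(
    r"^" + TS + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Result line: "<ts><name> - <result>"
RESULT_RE = re.compile(r"^" + TS + r"(?P<name>.+) - (?P<result>\S.*)$")


def triage(log_text):
    """Pair each scanned object with its result line.

    Returns a dict with:
      scanned    - number of objects that had a result line
      flagged    - objects whose result is anything other than "ok"
      unresolved - names of objects with no result line (log cut off)
    """
    pending = {}      # name -> (md5, path), waiting for its result line
    scanned = 0
    flagged = []

    for raw in log_text.splitlines():
        line = raw.strip()

        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue

        m = RESULT_RE.match(line)
        # Header lines such as "Drive ... - Size: ..." also contain " - ";
        # only accept a result for a name that was actually scanned.
        if m and m["name"] in pending:
            md5, path = pending.pop(m["name"])
            scanned += 1
            if m["result"].strip().lower() != "ok":
                flagged.append(
                    {"name": m["name"], "md5": md5,
                     "path": path, "result": m["result"].strip()}
                )

    return {
        "scanned": scanned,
        "flagged": flagged,
        "unresolved": sorted(pending),
    }


# Constructed sample in the layout of the report in this thread.
# The first two objects are copied from that report; ExampleDrv and
# ExampleSvc are made up, and "example-non-ok-result" is a placeholder,
# not a real TDSSKiller result string.
SAMPLE_LOG = r"""
11:38:03.0829 3004 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb)
11:38:23.0236 3084 Scan started
11:38:23.0236 3084 Mode: Manual; TDLFS;
11:38:23.0961 3084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:38:23.0967 3084 1394ohci - ok
11:38:24.0171 3084 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
11:38:24.0173 3084 Adobe LM Service - ok
11:38:24.0200 3084 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
11:38:24.0201 3084 ExampleDrv - example-non-ok-result
11:38:24.0300 3084 ExampleSvc (11111111111111111111111111111111) C:\Windows\System32\examplesvc.dll
"""


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("objects with a result:", report["scanned"])
    for item in report["flagged"]:
        print("REVIEW:", item["name"], item["result"], item["path"])
    for name in report["unresolved"]:
        print("NO RESULT LINE (log truncated?):", name)
```

A non-empty `unresolved` list on the last few objects is the usual sign that a pasted report was truncated by the forum's post size limit and needs re-posting in sections.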
Tricktee5
Posted: Fri Apr 13, 2012 7:42 am    Post subject: TDSSKiller log

11:38:00.0015 3004 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:38:00.0936 3004 ============================================================
11:38:00.0936 3004 Current date / time: 2012/04/13 11:38:00.0936
11:38:00.0936 3004 SystemInfo:
11:38:00.0936 3004
11:38:00.0936 3004 OS Version: 6.1.7601 ServicePack: 1.0
11:38:00.0936 3004 Product type: Workstation
11:38:00.0936 3004 ComputerName: PC
11:38:00.0936 3004 UserName: Teresa
11:38:00.0936 3004 Windows directory: C:\Windows
11:38:00.0936 3004 System windows directory: C:\Windows
11:38:00.0936 3004 Running under WOW64
11:38:00.0936 3004 Processor architecture: Intel x64
11:38:00.0936 3004 Number of processors: 2
11:38:00.0936 3004 Page size: 0x1000
11:38:00.0937 3004 Boot type: Normal boot
11:38:00.0937 3004 ============================================================
11:38:03.0829 3004 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:03.0834 3004 \Device\Harddisk0\DR0:
11:38:03.0834 3004 MBR used
11:38:03.0834 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x32000
11:38:03.0834 3004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5D800, BlocksNum 0xD89B800
11:38:03.0967 3004 Initialize success
11:38:03.0967 3004 ============================================================
11:38:23.0236 3084 ============================================================
11:38:23.0236 3084 Scan started
11:38:23.0236 3084 Mode: Manual; TDLFS;
11:38:23.0237 3084 ============================================================
11:38:23.0961 3084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:38:23.0967 3084 1394ohci - ok
11:38:24.0012 3084 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:38:24.0020 3084 ACPI - ok
11:38:24.0050 3084 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:38:24.0052 3084 AcpiPmi - ok
11:38:24.0171 3084 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
11:38:24.0173 3084 Adobe LM Service - ok
11:38:24.0303 3084 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:38:24.0308 3084 AdobeFlashPlayerUpdateSvc - ok
11:38:24.0382 3084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:38:24.0401 3084 adp94xx - ok
11:38:24.0434 3084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:38:24.0441 3084 adpahci - ok
11:38:24.0464 3084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:38:24.0469 3084 adpu320 - ok
11:38:24.0525 3084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:38:24.0528 3084 AeLookupSvc - ok
11:38:24.0583 3084 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:38:24.0603 3084 AFD - ok
11:38:24.0647 3084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:38:24.0650 3084 agp440 - ok
11:38:24.0672 3084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:38:24.0675 3084 ALG - ok
11:38:24.0700 3084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:38:24.0702 3084 aliide - ok
11:38:24.0715 3084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:38:24.0717 3084 amdide - ok
11:38:24.0786 3084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:38:24.0789 3084 AmdK8 - ok
11:38:24.0817 3084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:38:24.0820 3084 AmdPPM - ok
11:38:24.0856 3084 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:38:24.0859 3084 amdsata - ok
11:38:24.0891 3084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:38:24.0896 3084 amdsbs - ok
11:38:24.0922 3084 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:38:24.0924 3084 amdxata - ok
11:38:24.0994 3084 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:38:24.0997 3084 AppID - ok
11:38:25.0035 3084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:38:25.0037 3084 AppIDSvc - ok
11:38:25.0092 3084 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:38:25.0094 3084 Appinfo - ok
11:38:25.0226 3084 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:38:25.0229 3084 Apple Mobile Device - ok
11:38:25.0283 3084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:38:25.0286 3084 arc - ok
11:38:25.0308 3084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:38:25.0311 3084 arcsas - ok
11:38:25.0359 3084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:38:25.0361 3084 AsyncMac - ok
11:38:25.0394 3084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:38:25.0394 3084 atapi - ok
11:38:25.0458 3084 Ati External Event Utility (bb7a2052ebb2e31080c0da9fa3f4ea4a) C:\Windows\system32\Ati2evxx.exe
11:38:25.0486 3084 Ati External Event Utility - ok
11:38:25.0669 3084 atikmdag (428ddcb79f4377726501867eada9c2d6) C:\Windows\system32\DRIVERS\atikmdag.sys
11:38:25.0835 3084 atikmdag - ok
11:38:25.0917 3084 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
11:38:25.0925 3084 atksgt - ok
11:38:26.0003 3084 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:38:26.0023 3084 AudioEndpointBuilder - ok
11:38:26.0041 3084 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:38:26.0047 3084 AudioSrv - ok
11:38:26.0119 3084 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:38:26.0123 3084 AxInstSV - ok
11:38:26.0197 3084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:38:26.0207 3084 b06bdrv - ok
11:38:26.0283 3084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:38:26.0289 3084 b57nd60a - ok
11:38:26.0405 3084 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:38:26.0486 3084 BCM43XX - ok
11:38:26.0548 3084 bcm44amd64 (2bc7c1697b633692a061a4a36ed9dfdd) C:\Windows\system32\DRIVERS\b44amd64.sys
11:38:26.0551 3084 bcm44amd64 - ok
11:38:26.0603 3084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:38:26.0606 3084 BDESVC - ok
11:38:26.0627 3084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:38:26.0629 3084 Beep - ok
11:38:26.0714 3084 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:38:26.0734 3084 BFE - ok
11:38:26.0806 3084 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:38:26.0870 3084 BITS - ok
11:38:26.0912 3084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:38:26.0914 3084 blbdrive - ok
11:38:27.0046 3084 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:38:27.0083 3084 Bonjour Service - ok
11:38:27.0138 3084 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:38:27.0141 3084 bowser - ok
11:38:27.0187 3084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:38:27.0188 3084 BrFiltLo - ok
11:38:27.0210 3084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:38:27.0211 3084 BrFiltUp - ok
11:38:27.0262 3084 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:38:27.0265 3084 Browser - ok
11:38:27.0291 3084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:38:27.0299 3084 Brserid - ok
11:38:27.0325 3084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:38:27.0328 3084 BrSerWdm - ok
11:38:27.0338 3084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:38:27.0342 3084 BrUsbMdm - ok
11:38:27.0355 3084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:38:27.0359 3084 BrUsbSer - ok
11:38:27.0386 3084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:38:27.0389 3084 BTHMODEM - ok
11:38:27.0443 3084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:38:27.0446 3084 bthserv - ok
11:38:27.0475 3084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:38:27.0479 3084 cdfs - ok
11:38:27.0530 3084 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:38:27.0535 3084 cdrom - ok
11:38:27.0593 3084 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:38:27.0596 3084 CertPropSvc - ok
11:38:27.0627 3084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:38:27.0630 3084 circlass - ok
11:38:27.0673 3084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:38:27.0681 3084 CLFS - ok
11:38:27.0775 3084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:38:27.0777 3084 clr_optimization_v2.0.50727_32 - ok
11:38:27.0870 3084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:38:27.0873 3084 clr_optimization_v2.0.50727_64 - ok
11:38:27.0974 3084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:38:27.0978 3084 clr_optimization_v4.0.30319_32 - ok
11:38:28.0006 3084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:38:28.0010 3084 clr_optimization_v4.0.30319_64 - ok
11:38:28.0147 3084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:38:28.0149 3084 CmBatt - ok
11:38:28.0180 3084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:38:28.0182 3084 cmdide - ok
11:38:28.0229 3084 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:38:28.0239 3084 CNG - ok
11:38:28.0268 3084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:38:28.0270 3084 Compbatt - ok
11:38:28.0303 3084 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:38:28.0305 3084 CompositeBus - ok
11:38:28.0332 3084 COMSysApp - ok
11:38:28.0360 3084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:38:28.0362 3084 crcdisk - ok
11:38:28.0435 3084 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:38:28.0440 3084 CryptSvc - ok
11:38:28.0495 3084 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:38:28.0508 3084 DcomLaunch - ok
11:38:28.0567 3084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:38:28.0574 3084 defragsvc - ok
11:38:28.0638 3084 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:38:28.0642 3084 DfsC - ok
11:38:28.0702 3084 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:38:28.0708 3084 Dhcp - ok
11:38:28.0761 3084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:38:28.0763 3084 discache - ok
11:38:28.0810 3084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:38:28.0813 3084 Disk - ok
11:38:28.0852 3084 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:38:28.0857 3084 Dnscache - ok
11:38:28.0918 3084 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:38:28.0924 3084 dot3svc - ok
11:38:28.0980 3084 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:38:28.0985 3084 DPS - ok
11:38:29.0018 3084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:38:29.0020 3084 drmkaud - ok
11:38:29.0083 3084 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:38:29.0119 3084 DXGKrnl - ok
11:38:29.0172 3084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:38:29.0175 3084 EapHost - ok
11:38:29.0319 3084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:38:29.0424 3084 ebdrv - ok
11:38:29.0466 3084 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:38:29.0469 3084 EFS - ok
11:38:29.0563 3084 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:38:29.0583 3084 ehRecvr - ok
11:38:29.0632 3084 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:38:29.0636 3084 ehSched - ok
11:38:29.0752 3084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:38:29.0772 3084 elxstor - ok
11:38:29.0793 3084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:38:29.0794 3084 ErrDev - ok
11:38:29.0871 3084 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:38:29.0879 3084 EventSystem - ok
11:38:29.0912 3084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:38:29.0916 3084 exfat - ok
11:38:29.0949 3084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:38:29.0954 3084 fastfat - ok
11:38:30.0038 3084 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:38:30.0068 3084 Fax - ok
11:38:30.0088 3084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:38:30.0090 3084 fdc - ok
11:38:30.0123 3084 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:38:30.0125 3084 fdPHost - ok
11:38:30.0145 3084 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:38:30.0147 3084 FDResPub - ok
11:38:30.0161 3084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:38:30.0163 3084 FileInfo - ok
11:38:30.0185 3084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:38:30.0187 3084 Filetrace - ok
11:38:30.0207 3084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:38:30.0208 3084 flpydisk - ok
11:38:30.0264 3084 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:38:30.0271 3084 FltMgr - ok
11:38:30.0342 3084 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:38:30.0387 3084 FontCache - ok
11:38:30.0532 3084 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:38:30.0534 3084 FontCache3.0.0.0 - ok
11:38:30.0557 3084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:38:30.0560 3084 FsDepends - ok
11:38:30.0595 3084 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:38:30.0596 3084 Fs_Rec - ok
11:38:30.0678 3084 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:38:30.0684 3084 fvevol - ok
11:38:30.0716 3084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:38:30.0718 3084 gagp30kx - ok
11:38:30.0785 3084 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:38:30.0787 3084 GEARAspiWDM - ok
11:38:30.0857 3084 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:38:30.0891 3084 gpsvc - ok
11:38:30.0915 3084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:38:30.0916 3084 hcw85cir - ok
11:38:30.0965 3084 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:38:30.0973 3084 HdAudAddService - ok
11:38:31.0006 3084 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:38:31.0012 3084 HDAudBus - ok
11:38:31.0036 3084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:38:31.0039 3084 HidBatt - ok
11:38:31.0062 3084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:38:31.0065 3084 HidBth - ok
11:38:31.0086 3084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:38:31.0089 3084 HidIr - ok
11:38:31.0133 3084 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:38:31.0136 3084 hidserv - ok
11:38:31.0173 3084 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:38:31.0175 3084 HidUsb - ok
11:38:31.0229 3084 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:38:31.0232 3084 hkmsvc - ok
11:38:31.0284 3084 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:38:31.0290 3084 HomeGroupListener - ok
11:38:31.0348 3084 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:38:31.0354 3084 HomeGroupProvider - ok
11:38:31.0375 3084 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:38:31.0377 3084 HpSAMD - ok
11:38:31.0458 3084 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:38:31.0479 3084 HTTP - ok
11:38:31.0534 3084 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:38:31.0536 3084 hwpolicy - ok
11:38:31.0573 3084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:38:31.0576 3084 i8042prt - ok
11:38:31.0619 3084 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:38:31.0627 3084 iaStorV - ok
11:38:31.0802 3084 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:38:31.0837 3084 idsvc - ok
11:38:31.0897 3084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:38:31.0899 3084 iirsp - ok
11:38:31.0969 3084 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:38:32.0003 3084 IKEEXT - ok
11:38:32.0041 3084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:38:32.0042 3084 intelide - ok
11:38:32.0075 3084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:38:32.0077 3084 intelppm - ok
11:38:32.0135 3084 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:38:32.0139 3084 IPBusEnum - ok
11:38:32.0191 3084 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:38:32.0194 3084 IpFilterDriver - ok
11:38:32.0254 3084 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:38:32.0273 3084 iphlpsvc - ok
11:38:32.0298 3084 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:38:32.0302 3084 IPMIDRV - ok
11:38:32.0326 3084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:38:32.0330 3084 IPNAT - ok
11:38:32.0454 3084 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:38:32.0483 3084 iPod Service - ok
11:38:32.0520 3084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:38:32.0522 3084 IRENUM - ok
11:38:32.0535 3084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:38:32.0537 3084 isapnp - ok
11:38:32.0575 3084 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:38:32.0582 3084 iScsiPrt - ok
11:38:32.0619 3084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:38:32.0622 3084 kbdclass - ok
11:38:32.0664 3084 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:38:32.0666 3084 kbdhid - ok
11:38:32.0704 3084 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:38:32.0707 3084 KeyIso - ok
11:38:32.0732 3084 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:38:32.0736 3084 KSecDD - ok
11:38:32.0771 3084 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:38:32.0776 3084 KSecPkg - ok
11:38:32.0820 3084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:38:32.0822 3084 ksthunk - ok
11:38:32.0882 3084 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:38:32.0891 3084 KtmRm - ok
11:38:32.0948 3084 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:38:32.0955 3084 LanmanServer - ok
11:38:33.0030 3084 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:38:33.0058 3084 LanmanWorkstation - ok
11:38:33.0252 3084 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
11:38:33.0323 3084 Lavasoft Ad-Aware Service - ok
11:38:33.0346 3084 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
11:38:33.0348 3084 Lavasoft Kernexplorer - ok
11:38:33.0415 3084 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
11:38:33.0417 3084 Lbd - ok
11:38:33.0491 3084 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
11:38:33.0494 3084 lirsgt - ok
11:38:33.0564 3084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:38:33.0566 3084 lltdio - ok
11:38:33.0627 3084 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:38:33.0635 3084 lltdsvc - ok
11:38:33.0672 3084 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:38:33.0674 3084 lmhosts - ok
11:38:33.0718 3084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:38:33.0721 3084 LSI_FC - ok
11:38:33.0740 3084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:38:33.0744 3084 LSI_SAS - ok
11:38:33.0769 3084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:38:33.0773 3084 LSI_SAS2 - ok
11:38:33.0802 3084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:38:33.0805 3084 LSI_SCSI - ok
11:38:33.0833 3084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:38:33.0835 3084 luafv - ok
11:38:33.0891 3084 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:38:33.0894 3084 Mcx2Svc - ok
11:38:33.0919 3084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:38:33.0922 3084 megasas - ok
11:38:33.0958 3084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:38:33.0965 3084 MegaSR - ok
11:38:34.0028 3084 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:38:34.0031 3084 MMCSS - ok
11:38:34.0051 3084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:38:34.0053 3084 Modem - ok
11:38:34.0086 3084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:38:34.0088 3084 monitor - ok
11:38:34.0140 3084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:38:34.0143 3084 mouclass - ok
11:38:34.0181 3084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:38:34.0183 3084 mouhid - ok
11:38:34.0237 3084 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:38:34.0240 3084 mountmgr - ok
11:38:34.0277 3084 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:38:34.0282 3084 mpio - ok
11:38:34.0308 3084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:38:34.0311 3084 mpsdrv - ok
11:38:34.0392 3084 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:38:34.0424 3084 MpsSvc - ok
11:38:34.0473 3084 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:38:34.0479 3084 MRxDAV - ok
11:38:34.0516 3084 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:38:34.0520 3084 mrxsmb - ok
11:38:34.0590 3084 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:38:34.0597 3084 mrxsmb10 - ok
11:38:34.0619 3084 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:38:34.0623 3084 mrxsmb20 - ok
11:38:34.0659 3084 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:38:34.0661 3084 msahci - ok
11:38:34.0696 3084 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:38:34.0700 3084 msdsm - ok
11:38:34.0750 3084 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:38:34.0754 3084 MSDTC - ok
11:38:34.0812 3084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:38:34.0814 3084 Msfs - ok
11:38:34.0854 3084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:38:34.0856 3084 mshidkmdf - ok
11:38:34.0869 3084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:38:34.0871 3084 msisadrv - ok
11:38:34.0921 3084 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:38:34.0927 3084 MSiSCSI - ok
11:38:34.0937 3084 msiserver - ok
11:38:34.0977 3084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:38:34.0979 3084 MSKSSRV - ok
11:38:35.0007 3084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:38:35.0008 3084 MSPCLOCK - ok
11:38:35.0040 3084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:38:35.0041 3084 MSPQM - ok
11:38:35.0103 3084 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:38:35.0111 3084 MsRPC - ok
11:38:35.0148 3084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:38:35.0150 3084 mssmbios - ok
11:38:35.0175 3084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:38:35.0177 3084 MSTEE - ok
11:38:35.0196 3084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:38:35.0198 3084 MTConfig - ok
11:38:35.0241 3084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:38:35.0244 3084 Mup - ok
11:38:35.0310 3084 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:38:35.0330 3084 napagent - ok
11:38:35.0372 3084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:38:35.0379 3084 NativeWifiP - ok
11:38:35.0438 3084 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:38:35.0472 3084 NDIS - ok
11:38:35.0496 3084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:38:35.0499 3084 NdisCap - ok
11:38:35.0524 3084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:38:35.0526 3084 NdisTapi - ok
11:38:35.0588 3084 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:38:35.0590 3084 Ndisuio - ok
11:38:35.0646 3084 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:38:35.0651 3084 NdisWan - ok
11:38:35.0703 3084 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:38:35.0705 3084 NDProxy - ok
11:38:35.0720 3084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:38:35.0723 3084 NetBIOS - ok
11:38:35.0779 3084 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:38:35.0785 3084 NetBT - ok
11:38:35.0808 3084 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:38:35.0810 3084 Netlogon - ok
11:38:35.0890 3084 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:38:35.0899 3084 Netman - ok
11:38:35.0938 3084 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:38:35.0958 3084 netprofm - ok
11:38:36.0117 3084 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:38:36.0120 3084 NetTcpPortSharing - ok
11:38:36.0179 3084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:38:36.0181 3084 nfrd960 - ok
11:38:36.0248 3084 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:38:36.0256 3084 NlaSvc - ok
11:38:36.0281 3084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:38:36.0283 3084 Npfs - ok
11:38:36.0299 3084 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:38:36.0302 3084 nsi - ok
11:38:36.0324 3084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:38:36.0326 3084 nsiproxy - ok
11:38:36.0415 3084 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:38:36.0472 3084 Ntfs - ok
11:38:36.0500 3084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:38:36.0502 3084 Null - ok
11:38:36.0571 3084 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:38:36.0576 3084 nvraid - ok
11:38:36.0600 3084 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:38:36.0605 3084 nvstor - ok
11:38:36.0646 3084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:38:36.0650 3084 nv_agp - ok
11:38:36.0692 3084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:38:36.0694 3084 ohci1394 - ok
11:38:36.0753 3084 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:38:36.0761 3084 p2pimsvc - ok
11:38:36.0821 3084 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:38:36.0839 3084 p2psvc - ok
11:38:36.0891 3084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:38:36.0895 3084 Parport - ok
11:38:36.0939 3084 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:38:36.0941 3084 partmgr - ok
11:38:36.0965 3084 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:38:36.0972 3084 PcaSvc - ok
11:38:36.0992 3084 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:38:36.0996 3084 pci - ok
11:38:37.0011 3084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:38:37.0012 3084 pciide - ok
11:38:37.0045 3084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:38:37.0050 3084 pcmcia - ok
11:38:37.0074 3084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:38:37.0077 3084 pcw - ok
11:38:37.0119 3084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:38:37.0139 3084 PEAUTH - ok
11:38:37.0221 3084 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:38:37.0225 3084 PerfHost - ok
11:38:37.0329 3084 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:38:37.0376 3084 pla - ok
11:38:37.0467 3084 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:38:37.0478 3084 PlugPlay - ok
11:38:37.0518 3084 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:38:37.0522 3084 PNRPAutoReg - ok
11:38:37.0565 3084 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:38:37.0571 3084 PNRPsvc - ok
11:38:37.0634 3084 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:38:37.0645 3084 PolicyAgent - ok
11:38:37.0705 3084 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:38:37.0710 3084 Power - ok
11:38:37.0815 3084 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:38:37.0819 3084 PptpMiniport - ok
11:38:37.0861 3084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:38:37.0863 3084 Processor - ok
11:38:37.0930 3084 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:38:37.0937 3084 ProfSvc - ok
11:38:37.0978 3084 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:38:37.0980 3084 ProtectedStorage - ok
11:38:38.0042 3084 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:38:38.0047 3084 Psched - ok
11:38:38.0130 3084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:38:38.0178 3084 ql2300 - ok
11:38:38.0203 3084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:38:38.0206 3084 ql40xx - ok
11:38:38.0264 3084 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:38:38.0271 3084 QWAVE - ok
11:38:38.0292 3084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:38:38.0295 3084 QWAVEdrv - ok
11:38:38.0322 3084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:38:38.0323 3084 RasAcd - ok
11:38:38.0385 3084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:38:38.0387 3084 RasAgileVpn - ok
11:38:38.0411 3084 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:38:38.0416 3084 RasAuto - ok
11:38:38.0471 3084 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:38:38.0475 3084 Rasl2tp - ok
11:38:38.0532 3084 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:38:38.0542 3084 RasMan - ok
11:38:38.0576 3084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:38:38.0579 3084 RasPppoe - ok
11:38:38.0606 3084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:38:38.0609 3084 RasSstp - ok
11:38:38.0673 3084 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:38:38.0680 3084 rdbss - ok
11:38:38.0698 3084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:38:38.0701 3084 rdpbus - ok
11:38:38.0722 3084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:38:38.0724 3084 RDPCDD - ok
11:38:38.0750 3084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:38:38.0751 3084 RDPENCDD - ok
11:38:38.0778 3084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:38:38.0780 3084 RDPREFMP - ok
11:38:38.0828 3084 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:38:38.0833 3084 RDPWD - ok
11:38:38.0906 3084 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:38:38.0911 3084 rdyboost - ok
11:38:38.0959 3084 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:38:38.0964 3084 RemoteAccess - ok
11:38:39.0013 3084 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:38:39.0019 3084 RemoteRegistry - ok
11:38:39.0076 3084 rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
11:38:39.0078 3084 rimmptsk - ok
11:38:39.0111 3084 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:38:39.0115 3084 RpcEptMapper - ok
11:38:39.0165 3084 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:38:39.0167 3084 RpcLocator - ok
11:38:39.0230 3084 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:38:39.0238 3084 RpcSs - ok
11:38:39.0301 3084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:38:39.0304 3084 rspndr - ok
11:38:39.0335 3084 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:38:39.0337 3084 SamSs - ok
11:38:39.0366 3084 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:38:39.0370 3084 sbp2port - ok
11:38:39.0404 3084 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:38:39.0410 3084 SCardSvr - ok
11:38:39.0455 3084 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:38:39.0457 3084 scfilter - ok
11:38:39.0534 3084 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:38:39.0570 3084 Schedule - ok
11:38:39.0622 3084 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:38:39.0623 3084 SCPolicySvc - ok
11:38:39.0669 3084 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:38:39.0672 3084 sdbus - ok
11:38:39.0727 3084 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:38:39.0733 3084 SDRSVC - ok
11:38:39.0804 3084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:38:39.0806 3084 secdrv - ok
11:38:39.0848 3084 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:38:39.0852 3084 seclogon - ok
11:38:39.0903 3084 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:38:39.0907 3084 SENS - ok
11:38:39.0940 3084 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:38:39.0944 3084 SensrSvc - ok
11:38:39.0968 3084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:38:39.0970 3084 Serenum - ok
11:38:40.0012 3084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:38:40.0016 3084 Serial - ok
11:38:40.0070 3084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:38:40.0072 3084 sermouse - ok
11:38:40.0145 3084 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:38:40.0150 3084 SessionEnv - ok
11:38:40.0186 3084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:38:40.0188 3084 sffdisk - ok
11:38:40.0211 3084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:38:40.0212 3084 sffp_mmc - ok
11:38:40.0225 3084 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:38:40.0226 3084 sffp_sd - ok
11:38:40.0247 3084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:38:40.0249 3084 sfloppy - ok
11:38:40.0307 3084 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:38:40.0316 3084 SharedAccess - ok
11:38:40.0377 3084 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:38:40.0387 3084 ShellHWDetection - ok
11:38:40.0416 3084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:38:40.0417 3084 SiSRaid2 - ok
11:38:40.0447 3084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:38:40.0449 3084 SiSRaid4 - ok
11:38:40.0481 3084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:38:40.0484 3084 Smb - ok
11:38:40.0560 3084 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:38:40.0563 3084 SNMPTRAP - ok
11:38:40.0583 3084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:38:40.0586 3084 spldr - ok
11:38:40.0651 3084 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:38:40.0664 3084 Spooler - ok
11:38:40.0815 3084 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:38:40.0919 3084 sppsvc - ok
11:38:40.0939 3084 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:38:40.0944 3084 sppuinotify - ok
11:38:40.0997 3084 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:38:41.0006 3084 srv - ok
11:38:41.0034 3084 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:38:41.0044 3084 srv2 - ok
11:38:41.0117 3084 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:38:41.0124 3084 SrvHsfHDA - ok
11:38:41.0187 3084 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:38:41.0234 3084 SrvHsfV92 - ok
11:38:41.0300 3084 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:38:41.0320 3084 SrvHsfWinac - ok
11:38:41.0347 3084 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:38:41.0351 3084 srvnet - ok
11:38:41.0408 3084 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:38:41.0415 3084 SSDPSRV - ok
11:38:41.0439 3084 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:38:41.0445 3084 SstpSvc - ok
11:38:41.0498 3084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:38:41.0500 3084 stexstor - ok
11:38:41.0580 3084 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:38:41.0602 3084 stisvc - ok
11:38:41.0640 3084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:38:41.0642 3084 swenum - ok
11:38:41.0677 3084 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:38:41.0699 3084 swprv - ok
11:38:41.0799 3084 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:38:41.0856 3084 SysMain - ok
11:38:41.0909 3084 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:38:41.0914 3084 TabletInputService - ok
11:38:41.0972 3084 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:38:41.0981 3084 TapiSrv - ok
11:38:42.0008 3084 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:38:42.0013 3084 TBS - ok
11:38:42.0148 3084 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:38:42.0207 3084 Tcpip - ok
11:38:42.0284 3084 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:38:42.0301 3084 TCPIP6 - ok
11:38:42.0372 3084 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:38:42.0375 3084 tcpipreg - ok
11:38:42.0431 3084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:38:42.0433 3084 TDPIPE - ok
11:38:42.0464 3084 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:38:42.0466 3084 TDTCP - ok
11:38:42.0531 3084 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:38:42.0534 3084 tdx - ok
11:38:42.0571 3084 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:38:42.0573 3084 TermDD - ok
11:38:42.0650 3084 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:38:42.0669 3084 TermService - ok
11:38:42.0720 3084 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:38:42.0723 3084 Themes - ok
11:38:42.0774 3084 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:38:42.0777 3084 THREADORDER - ok
11:38:42.0801 3084 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:38:42.0806 3084 TrkWks - ok
11:38:42.0892 3084 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:38:42.0897 3084 TrustedInstaller - ok
11:38:42.0950 3084 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:38:42.0952 3084 tssecsrv - ok
11:38:43.0040 3084 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:38:43.0042 3084 TsUsbFlt - ok
11:38:43.0120 3084 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:38:43.0125 3084 tunnel - ok
11:38:43.0188 3084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:38:43.0191 3084 uagp35 - ok
11:38:43.0261 3084 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:38:43.0269 3084 udfs - ok
11:38:43.0332 3084 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:38:43.0335 3084 UI0Detect - ok
11:38:43.0375 3084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:38:43.0376 3084 uliagpkx - ok
11:38:43.0396 3084 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:38:43.0398 3084 umbus - ok
11:38:43.0427 3084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:38:43.0429 3084 UmPass - ok
11:38:43.0465 3084 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:38:43.0475 3084 upnphost - ok
11:38:43.0525 3084 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:38:43.0528 3084 USBAAPL64 - ok
11:38:43.0580 3084 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
11:38:43.0583 3084 usbccgp - ok
11:38:43.0616 3084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:38:43.0620 3084 usbcir - ok
11:38:43.0640 3084 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:38:43.0643 3084 usbehci - ok
11:38:43.0699 3084 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:38:43.0707 3084 usbhub - ok
11:38:43.0738 3084 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:38:43.0741 3084 usbohci - ok
11:38:43.0793 3084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:38:43.0794 3084 usbprint - ok
11:38:43.0860 3084 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:38:43.0862 3084 usbscan - ok
11:38:43.0902 3084 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:38:43.0905 3084 USBSTOR - ok
11:38:43.0927 3084 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:38:43.0930 3084 usbuhci - ok
11:38:43.0981 3084 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:38:43.0985 3084 UxSms - ok
11:38:44.0020 3084 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:38:44.0023 3084 VaultSvc - ok
11:38:44.0041 3084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:38:44.0043 3084 vdrvroot - ok
11:38:44.0111 3084 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:38:44.0128 3084 vds - ok
11:38:44.0160 3084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:38:44.0163 3084 vga - ok
11:38:44.0183 3084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:38:44.0185 3084 VgaSave - ok
11:38:44.0218 3084 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:38:44.0224 3084 vhdmp - ok
11:38:44.0248 3084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:38:44.0250 3084 viaide - ok
11:38:44.0278 3084 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:38:44.0281 3084 volmgr - ok
11:38:44.0343 3084 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:38:44.0351 3084 volmgrx - ok
11:38:44.0384 3084 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:38:44.0390 3084 volsnap - ok
11:38:44.0431 3084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:38:44.0436 3084 vsmraid - ok
11:38:44.0528 3084 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:38:44.0586 3084 VSS - ok
11:38:44.0613 3084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:38:44.0615 3084 vwifibus - ok
11:38:44.0635 3084 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:38:44.0637 3084 vwififlt - ok
11:38:44.0693 3084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:38:44.0703 3084 W32Time - ok
11:38:44.0725 3084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:38:44.0728 3084 WacomPen - ok
11:38:44.0793 3084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:38:44.0797 3084 WANARP - ok
11:38:44.0814 3084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:38:44.0815 3084 Wanarpv6 - ok
11:38:44.0905 3084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:38:44.0951 3084 WatAdminSvc - ok
11:38:45.0049 3084 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:38:45.0096 3084 wbengine - ok
11:38:45.0153 3084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:38:45.0160 3084 WbioSrvc - ok
11:38:45.0214 3084 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:38:45.0224 3084 wcncsvc - ok
11:38:45.0240 3084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:38:45.0245 3084 WcsPlugInService - ok
11:38:45.0333 3084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:38:45.0334 3084 Wd - ok
11:38:45.0372 3084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:38:45.0390 3084 Wdf01000 - ok
11:38:45.0410 3084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:38:45.0415 3084 WdiServiceHost - ok
11:38:45.0420 3084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:38:45.0424 3084 WdiSystemHost - ok
11:38:45.0482 3084 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:38:45.0490 3084 WebClient - ok
11:38:45.0518 3084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:38:45.0526 3084 Wecsvc - ok
11:38:45.0569 3084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:38:45.0574 3084 wercplsupport - ok
11:38:45.0619 3084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:38:45.0624 3084 WerSvc - ok
11:38:45.0646 3084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:38:45.0648 3084 WfpLwf - ok
11:38:45.0660 3084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:38:45.0665 3084 WIMMount - ok
11:38:45.0722 3084 WinDefend - ok
11:38:45.0736 3084 WinHttpAutoProxySvc - ok
11:38:45.0819 3084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:38:45.0827 3084 Winmgmt - ok
11:38:45.0933 3084 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:38:46.0002 3084 WinRM - ok
11:38:46.0063 3084 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:38:46.0065 3084 WinUsb - ok
11:38:46.0137 3084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:38:46.0171 3084 Wlansvc - ok
11:38:46.0351 3084 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:38:46.0404 3084 wlidsvc - ok
11:38:46.0560 3084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:38:46.0562 3084 WmiAcpi - ok
11:38:46.0689 3084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:38:46.0694 3084 wmiApSrv - ok
11:38:46.0775 3084 WMPNetworkSvc - ok
11:38:46.0839 3084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:38:46.0843 3084 WPCSvc - ok
11:38:46.0888 3084 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:38:46.0894 3084 WPDBusEnum - ok
11:38:46.0945 3084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:38:46.0947 3084 ws2ifsl - ok
11:38:46.0968 3084 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:38:46.0973 3084 wscsvc - ok
11:38:46.0986 3084 WSearch - ok
11:38:47.0114 3084 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:38:47.0187 3084 wuauserv - ok
11:38:47.0248 3084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:38:47.0250 3084 WudfPf - ok
11:38:47.0292 3084 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:38:47.0297 3084 WUDFRd - ok
11:38:47.0352 3084 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:38:47.0357 3084 wudfsvc - ok
11:38:47.0383 3084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:38:47.0415 3084 WwanSvc - ok
11:38:47.0468 3084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:38:47.0605 3084 \Device\Harddisk0\DR0 - ok
11:38:47.0610 3084 Boot (0x1200) (4ad504751ef3a179355b41e61d736953) \Device\Harddisk0\DR0\Partition0
11:38:47.0612 3084 \Device\Harddisk0\DR0\Partition0 - ok
11:38:47.0643 3084 Boot (0x1200) (41a6675dd8cf6f193d51e378c4a7957d) \Device\Harddisk0\DR0\Partition1
11:38:47.0644 3084 \Device\Harddisk0\DR0\Partition1 - ok
11:38:47.0645 3084 ============================================================
11:38:47.0645 3084 Scan finished
11:38:47.0645 3084 ============================================================
11:38:47.0665 2788 Detected object count: 0
11:38:47.0665 2788 Actual detected object count: 0
Tricktee5

Posted: Fri Apr 13, 2012 7:53 am    Post subject: OTL.txt

OTL logfile created on: 4/13/2012 11:46:37 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Teresa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.11 Mb Total Physical Memory | 209.57 Mb Available Physical Memory | 23.44% Memory free
2.21 Gb Paging File | 1.12 Gb Available in Paging File | 50.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.30 Gb Total Space | 68.93 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.84 Mb Free Space | 71.85% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 11:44:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
PRC - [2012/03/18 10:46:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 07:36:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 07:35:46 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/01 18:23:51 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/18 10:46:05 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 08:09:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 08:08:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 08:07:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/12 03:36:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/12 03:35:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/01 20:45:18 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012/04/01 18:23:51 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:34:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/12/07 14:34:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/01 22:15:04 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2007/03/19 13:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2012/04/07 03:41:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = About:Blank
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = About:Blank
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10186&bi=400
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 AC F9 AA 1A B1 CA 01 [binary data]
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = About:Blank
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = About:Blank
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Teresa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 10:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/22 16:38:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8BF21727-7C38-11E1-826D-B8AC6F996F26}: C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26}\ [2012/04/01 16:23:40 | 000,000,000 | ---D | M]

[2010/02/19 01:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\Mozilla\Extensions
[2012/04/06 15:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\y9rrfetx.default\extensions
[2011/11/10 12:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/01 16:23:40 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\TERESA\APPDATA\LOCAL\{8BF21727-7C38-11E1-826D-B8AC6F996F26}
[2012/03/18 10:46:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/29 14:33:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 12:28:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 12:28:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007D250F-487C-433E-96CD-09EEF06BF543}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{220D6E7F-B58F-4369-8047-CEA0F424C479}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9994230-E886-4B16-A888-125C94719BEC}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAE510DC-8E73-437E-9031-91B59272C6EC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 11:44:24 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
[2012/04/13 11:36:51 | 000,000,000 | ---D | C] -- C:\Users\Teresa\Desktop\tdsskiller
[2012/04/13 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{13FD5059-4C94-40A2-93B9-89296F9A7D21}
[2012/04/13 08:18:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{ADAC00FC-FB59-40A6-AE58-33C987BC8D4B}
[2012/04/13 07:06:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{95D64203-FF17-486A-ADD3-8003566D97F8}
[2012/04/13 07:05:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{7B7950F1-8847-4D18-A5F8-2E406DE2B8B2}
[2012/04/12 20:46:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Teresa\Desktop\dds.scr
[2012/04/12 20:24:52 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{4D77F872-AFC2-4503-B622-DFF918A80262}
[2012/04/12 03:05:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 03:04:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 03:04:58 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 03:04:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 03:04:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 03:04:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 03:04:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 03:04:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 03:04:55 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 03:04:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 03:04:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 03:04:28 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/12 03:04:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 03:04:26 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 03:01:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 03:01:16 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 03:01:13 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 07:56:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{0B399025-6ACD-49AC-A8D7-69E2C91CF587}
[2012/04/10 12:58:29 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{DA9C4CA4-397B-465F-875C-10010B791E98}
[2012/04/09 22:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/04/09 22:50:04 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/04/09 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\TestApp
[2012/04/09 22:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/09 22:01:02 | 002,020,864 | ---- | C] (Inprise Corporation) -- C:\Windows\SysWow64\VCL50.bpl
[2012/04/09 22:01:02 | 000,248,832 | ---- | C] (Inprise Corporation) -- C:\Windows\SysWow64\VCLX50.bpl
[2012/04/09 22:01:02 | 000,066,048 | ---- | C] (Inprise Corporation) -- C:\Windows\SysWow64\VCLSMP50.bpl
[2012/04/09 22:01:02 | 000,026,624 | ---- | C] (Teknum Systems AS) -- C:\Windows\SysWow64\ssmenu.dll
[2012/04/09 22:01:02 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\Common Files\Teknum Systems
[2012/04/09 22:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HandyBits
[2012/04/07 03:36:49 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/04/07 03:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/04/06 12:07:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{AD6F1AED-9675-4BF9-B162-9BB4676759AA}
[2012/04/06 00:06:15 | 000,000,000 | ---D | C] -- C:\Users\Teresa\Desktop\Books
[2012/04/05 09:57:32 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{78E85A5A-1287-4CB4-B841-42878677D3EF}
[2012/04/04 21:56:51 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{EC24162E-91CA-4DE2-930E-BA6CB8050405}
[2012/04/03 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{9CBE703F-3989-4690-A07B-30BA5A26DBC6}
[2012/04/03 10:29:23 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E4D02546-13A0-41C4-BBC9-1865ADF5BEE5}
[2012/04/01 18:23:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 16:23:40 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26}
[2012/04/01 09:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/01 09:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/01 09:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/01 09:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/31 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{CD6116BF-BFCB-4EFC-AE81-BE44DF23527E}
[2012/03/30 23:43:13 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8D6EB9D7-26D9-4B58-B0A4-7A00C6D6A8CF}
[2012/03/30 08:26:54 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{0A364303-91B1-48BF-B1AD-12CB7183771C}
[2012/03/29 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{89623324-D14D-429B-97F9-6A9AF6A26F4A}
[2012/03/28 07:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{9B49BCDA-0880-4097-B66B-92EC4A012243}
[2012/03/28 07:58:43 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{515C3694-5BE4-4EB8-864E-48B0A5D4EA8A}
[2012/03/27 13:00:05 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{36454EB4-ED6A-46D3-8546-4DE7ED2599B7}
[2012/03/27 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{4BB0433B-6721-4049-8CA0-5B81282A2A26}
[2012/03/24 15:46:26 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{0B03C821-E7BD-441A-BB5D-A761791D0900}
[2012/03/24 15:45:59 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8E8F0DAB-0D01-440F-A753-771748CBD331}
[2012/03/23 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{822FE4C8-E736-49FD-9AB1-E63454DA051E}
[2012/03/23 09:27:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E2CCA611-7C32-45BC-A937-FA69351CA14D}
[2012/03/22 12:54:18 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{B9A850CC-85FA-4E49-AED6-8D6D823B3B75}
[2012/03/22 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{DDF3FE70-20DA-4847-A465-A4CD8C46300B}
[2012/03/21 10:35:05 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{5FBC8A84-33C4-46A9-868D-B8B9359835AB}
[2012/03/21 10:34:53 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{7D9BEF4D-E181-4C8C-B8BF-C0BCDA12065E}
[2012/03/20 20:20:29 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E45F15FE-9FC4-4266-B36D-25BE191240C7}
[2012/03/20 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{93E558A7-E22D-43DC-9984-653CE8209C77}
[2012/03/20 08:19:36 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A0613BB3-5D9C-4DC6-9FD7-17CF921AED1D}
[2012/03/20 08:19:07 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{B2332FC8-6859-4599-8287-642E130243B7}
[2012/03/19 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{2417399D-BA05-4931-B231-BF8E26888C91}
[2012/03/19 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E449448F-42EE-44F4-A023-BD18A6EA5DB3}
[2012/03/18 22:57:07 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{5B6CA200-D763-475A-BAB5-8E8424B64962}
[2012/03/18 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{C81DF2C0-2851-4041-ACA5-E83EC81B3651}
[2012/03/18 10:43:50 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A09DAAC4-63A4-406C-875F-3FBAC30847B2}
[2012/03/18 10:43:24 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A3F829D0-A69B-4230-9096-0490609D9670}
[2012/03/17 00:01:39 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{FBE30D19-C5AC-48BD-B862-E97A2C0F6F86}
[2012/03/17 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E8EAE1B0-F31C-49D6-A725-1EF80A0AEB50}
[2012/03/16 09:05:51 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{6270DA54-58E6-4FC2-A52C-6B971C0AB0F4}
[2012/03/16 09:05:16 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{AEA34216-A47A-4DD1-AE44-BA1FE240FDAB}
[2012/03/15 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{5814EAC2-A245-4834-B10A-BA23E6C02EA6}
[2012/03/15 20:52:13 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{3952C767-65E4-479F-AE57-9989CE1FCD4D}
[2012/03/15 08:51:45 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{321E46AE-A73B-4255-8164-61CB30BDD0D2}
[2012/03/15 08:51:17 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E76632FB-DE55-4603-9D00-CE9A13AF2B3C}
[2012/03/14 19:21:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8E6F9A15-5E12-420F-8E5B-B62E057F0493}
[2012/03/14 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E4AD7413-2920-45DC-86EC-60DB392EDBF3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/13 11:44:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
[2012/04/13 11:34:31 | 002,052,353 | ---- | M] () -- C:\Users\Teresa\Desktop\tdsskiller.zip
[2012/04/13 11:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 09:21:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1327499806-559606498-3986796595-1001UA.job
[2012/04/12 23:19:16 | 000,002,840 | ---- | M] () -- C:\Users\Teresa\Documents\Babysitting.odt
[2012/04/12 22:29:03 | 000,007,334 | ---- | M] () -- C:\Users\Teresa\Desktop\New OpenDocument Text.odt
[2012/04/12 20:46:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Teresa\Desktop\dds.scr
[2012/04/12 18:21:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1327499806-559606498-3986796595-1001Core.job
[2012/04/12 07:49:00 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 07:49:00 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 07:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/12 07:31:23 | 703,156,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/12 03:09:41 | 000,740,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/12 03:09:41 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/12 03:09:41 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/10 03:40:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/10 03:40:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/04/09 22:01:04 | 000,001,308 | ---- | M] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2012/04/09 22:01:02 | 002,020,864 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWow64\VCL50.bpl
[2012/04/09 22:01:02 | 000,248,832 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWow64\VCLX50.bpl
[2012/04/09 22:01:02 | 000,066,048 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWow64\VCLSMP50.bpl
[2012/04/09 22:01:02 | 000,026,624 | ---- | M] (Teknum Systems AS) -- C:\Windows\SysWow64\ssmenu.dll
[2012/04/07 03:41:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/04/07 03:41:30 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/04/07 03:36:51 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/04/07 03:30:40 | 000,000,154 | ---- | M] () -- C:\Users\Teresa\AppData\Local\svcxdcl32.dat
[2012/04/01 18:23:51 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 18:23:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/01 16:45:28 | 000,001,076 | ---- | M] () -- C:\Users\Teresa\Documents - Shortcut.lnk
[2012/04/01 16:43:15 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/01 09:59:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/15 03:16:08 | 002,720,776 | ---- | M] () -- C:\Users\Teresa\Desktop\Hair March 2012 (1).JPG
[2012/03/15 03:15:42 | 002,721,335 | ---- | M] () -- C:\Users\Teresa\Desktop\Hair March 2012 (3).JPG
[2012/03/15 03:15:32 | 002,658,148 | ---- | M] () -- C:\Users\Teresa\Desktop\Hair March 2012 (2).JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/13 11:34:24 | 002,052,353 | ---- | C] () -- C:\Users\Teresa\Desktop\tdsskiller.zip
[2012/04/12 23:10:40 | 000,002,840 | ---- | C] () -- C:\Users\Teresa\Documents\Babysitting.odt
[2012/04/12 22:29:03 | 000,007,334 | ---- | C] () -- C:\Users\Teresa\Desktop\New OpenDocument Text.odt
[2012/04/09 22:01:04 | 000,001,308 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2012/04/07 03:45:56 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/04/07 03:36:51 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/04/01 18:24:15 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/01 16:45:28 | 000,001,076 | ---- | C] () -- C:\Users\Teresa\Documents - Shortcut.lnk
[2012/04/01 16:20:37 | 000,000,154 | ---- | C] () -- C:\Users\Teresa\AppData\Local\svcxdcl32.dat
[2012/04/01 09:59:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/15 03:16:08 | 002,720,776 | ---- | C] () -- C:\Users\Teresa\Desktop\Hair March 2012 (1).JPG
[2012/03/15 03:15:42 | 002,721,335 | ---- | C] () -- C:\Users\Teresa\Desktop\Hair March 2012 (3).JPG
[2012/03/15 03:15:32 | 002,658,148 | ---- | C] () -- C:\Users\Teresa\Desktop\Hair March 2012 (2).JPG
[2011/11/30 11:36:01 | 000,007,602 | ---- | C] () -- C:\Users\Teresa\AppData\Local\Resmon.ResmonCfg
[2011/11/19 16:37:30 | 000,003,584 | ---- | C] () -- C:\Users\Teresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 13:29:18 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 13:29:18 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/06 13:53:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/05 11:48:18 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/08/05 11:48:18 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2070N.DAT

========== LOP Check ==========

[2010/08/19 13:49:46 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\acccore
[2010/04/13 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ArcadeTown Janes Realty2
[2011/04/06 13:54:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\AviDvdBurner
[2011/05/08 21:24:41 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\AvitoDvd
[2010/12/07 14:14:56 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Free-backup.info
[2010/03/11 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\GetRightToGo
[2010/03/11 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\NVD
[2011/01/04 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\OpenOffice.org
[2010/03/17 12:14:03 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\PlayFirst
[2010/09/20 12:09:30 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Smilebox
[2010/12/21 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SoftGrid Client
[2010/11/18 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Start
[2012/04/09 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\TestApp
[2010/03/11 19:09:52 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\TP
[2012/04/07 03:01:14 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\uTorrent
[2010/10/21 15:49:50 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Windows Live Writer
[2012/04/12 18:21:01 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1327499806-559606498-3986796595-1001Core.job
[2012/04/13 09:21:02 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1327499806-559606498-3986796595-1001UA.job
[2011/12/14 10:01:34 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Teresa\Documents\Financial Information.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:93B0BB6F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BB188922
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
Tricktee5

Posted: Fri Apr 13, 2012 7:55 am    Post subject: Extras.txt

OTL Extras logfile created on: 4/13/2012 11:46:37 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Teresa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.11 Mb Total Physical Memory | 209.57 Mb Available Physical Memory | 23.44% Memory free
2.21 Gb Paging File | 1.12 Gb Available in Paging File | 50.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.30 Gb Total Space | 68.93 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.84 Mb Free Space | 71.85% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Photags Music Express" = iConcepts Music Express
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 May 2013
Posts: 9697
Location: Yorkshire

Posted: Fri Apr 13, 2012 8:33 am

OK, there's a few things we need to take care of .....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Java(TM) 6 Update 22
µTorrent


Old versions of Java can be exploited, and using P2P programs is the fastest way I know to pick up an infection ..... http://spywarewarrior.com/viewtopic.php?p=166646#166646

Reboot your computer when finished.

Now download and install JDK 6 Update 31 (JDK or JRE).



Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
IE - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10186&bi=400
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\S-1-5-21-1327499806-559606498-3986796595-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
[2012/04/13 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{13FD5059-4C94-40A2-93B9-89296F9A7D21}
[2012/04/13 08:18:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{ADAC00FC-FB59-40A6-AE58-33C987BC8D4B}
[2012/04/13 07:06:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{95D64203-FF17-486A-ADD3-8003566D97F8}
[2012/04/13 07:05:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{7B7950F1-8847-4D18-A5F8-2E406DE2B8B2}
[2012/04/12 20:24:52 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{4D77F872-AFC2-4503-B622-DFF918A80262}
[2012/04/11 07:56:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{0B399025-6ACD-49AC-A8D7-69E2C91CF587}
[2012/04/10 12:58:29 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{DA9C4CA4-397B-465F-875C-10010B791E98}
[2012/04/09 22:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/04/06 12:07:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{AD6F1AED-9675-4BF9-B162-9BB4676759AA}
[2012/04/05 09:57:32 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{78E85A5A-1287-4CB4-B841-42878677D3EF}
[2012/04/04 21:56:51 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{EC24162E-91CA-4DE2-930E-BA6CB8050405}
[2012/04/03 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{9CBE703F-3989-4690-A07B-30BA5A26DBC6}
[2012/04/03 10:29:23 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E4D02546-13A0-41C4-BBC9-1865ADF5BEE5}
[2012/04/01 16:23:40 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26}
[2012/03/31 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{CD6116BF-BFCB-4EFC-AE81-BE44DF23527E}
[2012/03/30 23:43:13 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8D6EB9D7-26D9-4B58-B0A4-7A00C6D6A8CF}
[2012/03/30 08:26:54 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{0A364303-91B1-48BF-B1AD-12CB7183771C}
[2012/03/29 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{89623324-D14D-429B-97F9-6A9AF6A26F4A}
[2012/03/28 07:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{9B49BCDA-0880-4097-B66B-92EC4A012243}
[2012/03/28 07:58:43 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{515C3694-5BE4-4EB8-864E-48B0A5D4EA8A}
[2012/03/27 13:00:05 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{36454EB4-ED6A-46D3-8546-4DE7ED2599B7}
[2012/03/27 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{4BB0433B-6721-4049-8CA0-5B81282A2A26}
[2012/03/24 15:46:26 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{0B03C821-E7BD-441A-BB5D-A761791D0900}
[2012/03/24 15:45:59 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8E8F0DAB-0D01-440F-A753-771748CBD331}
[2012/03/23 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{822FE4C8-E736-49FD-9AB1-E63454DA051E}
[2012/03/23 09:27:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E2CCA611-7C32-45BC-A937-FA69351CA14D}
[2012/03/22 12:54:18 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{B9A850CC-85FA-4E49-AED6-8D6D823B3B75}
[2012/03/22 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{DDF3FE70-20DA-4847-A465-A4CD8C46300B}
[2012/03/21 10:35:05 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{5FBC8A84-33C4-46A9-868D-B8B9359835AB}
[2012/03/21 10:34:53 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{7D9BEF4D-E181-4C8C-B8BF-C0BCDA12065E}
[2012/03/20 20:20:29 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E45F15FE-9FC4-4266-B36D-25BE191240C7}
[2012/03/20 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{93E558A7-E22D-43DC-9984-653CE8209C77}
[2012/03/20 08:19:36 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A0613BB3-5D9C-4DC6-9FD7-17CF921AED1D}
[2012/03/20 08:19:07 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{B2332FC8-6859-4599-8287-642E130243B7}
[2012/03/19 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{2417399D-BA05-4931-B231-BF8E26888C91}
[2012/03/19 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E449448F-42EE-44F4-A023-BD18A6EA5DB3}
[2012/03/18 22:57:07 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{5B6CA200-D763-475A-BAB5-8E8424B64962}
[2012/03/18 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{C81DF2C0-2851-4041-ACA5-E83EC81B3651}
[2012/03/18 10:43:50 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A09DAAC4-63A4-406C-875F-3FBAC30847B2}
[2012/03/18 10:43:24 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A3F829D0-A69B-4230-9096-0490609D9670}
[2012/03/17 00:01:39 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{FBE30D19-C5AC-48BD-B862-E97A2C0F6F86}
[2012/03/17 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E8EAE1B0-F31C-49D6-A725-1EF80A0AEB50}
[2012/03/16 09:05:51 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{6270DA54-58E6-4FC2-A52C-6B971C0AB0F4}
[2012/03/16 09:05:16 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{AEA34216-A47A-4DD1-AE44-BA1FE240FDAB}
[2012/03/15 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{5814EAC2-A245-4834-B10A-BA23E6C02EA6}
[2012/03/15 20:52:13 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{3952C767-65E4-479F-AE57-9989CE1FCD4D}
[2012/03/15 08:51:45 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{321E46AE-A73B-4255-8164-61CB30BDD0D2}
[2012/03/15 08:51:17 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E76632FB-DE55-4603-9D00-CE9A13AF2B3C}
[2012/03/14 19:21:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{8E6F9A15-5E12-420F-8E5B-B62E057F0493}
[2012/03/14 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{E4AD7413-2920-45DC-86EC-60DB392EDBF3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/04/07 03:01:14 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\uTorrent
@Alternate Data Stream - 168 bytes -> C:\Users\Teresa\Documents\Financial Information.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:93B0BB6F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BB188922
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download Malwarebytes' Anti-Malware to your Desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.



  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.

    • Click the Updates tab.

      • Click Check for Updates and allow the programme to download the latest definitions.

    • Click the Scanner tab.

      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.

        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.

      • Post the log in your next reply please.




You can also access the log by doing the following

  • Click on the Logs tab.

    • Click on the log at the bottom of those listed to highlight it.
    • Click Open



Summary of the logs I need from you in your next post:

  • OTL fix log
  • MBAM log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



Tricktee5
Newbie


Joined: 12 Apr 2012
Last Visit: 13 Apr 2012
Posts: 7

Posted: Fri Apr 13, 2012 10:01 am    Post subject: OTL fix log

All processes killed
========== OTL ==========
HKU\S-1-5-21-1327499806-559606498-3986796595-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_USERS\S-1-5-21-1327499806-559606498-3986796595-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_USERS\S-1-5-21-1327499806-559606498-3986796595-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76ba8b29-1d20-11df-9a3d-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
C:\Users\Teresa\AppData\Local\{13FD5059-4C94-40A2-93B9-89296F9A7D21} folder moved successfully.
C:\Users\Teresa\AppData\Local\{ADAC00FC-FB59-40A6-AE58-33C987BC8D4B} folder moved successfully.
C:\Users\Teresa\AppData\Local\{95D64203-FF17-486A-ADD3-8003566D97F8} folder moved successfully.
C:\Users\Teresa\AppData\Local\{7B7950F1-8847-4D18-A5F8-2E406DE2B8B2} folder moved successfully.
C:\Users\Teresa\AppData\Local\{4D77F872-AFC2-4503-B622-DFF918A80262} folder moved successfully.
C:\Users\Teresa\AppData\Local\{0B399025-6ACD-49AC-A8D7-69E2C91CF587} folder moved successfully.
C:\Users\Teresa\AppData\Local\{DA9C4CA4-397B-465F-875C-10010B791E98} folder moved successfully.
C:\Program Files (x86)\Panda Security folder moved successfully.
C:\Users\Teresa\AppData\Local\{AD6F1AED-9675-4BF9-B162-9BB4676759AA} folder moved successfully.
C:\Users\Teresa\AppData\Local\{78E85A5A-1287-4CB4-B841-42878677D3EF} folder moved successfully.
C:\Users\Teresa\AppData\Local\{EC24162E-91CA-4DE2-930E-BA6CB8050405} folder moved successfully.
C:\Users\Teresa\AppData\Local\{9CBE703F-3989-4690-A07B-30BA5A26DBC6} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E4D02546-13A0-41C4-BBC9-1865ADF5BEE5} folder moved successfully.
C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\Teresa\AppData\Local\{8BF21727-7C38-11E1-826D-B8AC6F996F26} folder moved successfully.
C:\Users\Teresa\AppData\Local\{CD6116BF-BFCB-4EFC-AE81-BE44DF23527E} folder moved successfully.
C:\Users\Teresa\AppData\Local\{8D6EB9D7-26D9-4B58-B0A4-7A00C6D6A8CF} folder moved successfully.
C:\Users\Teresa\AppData\Local\{0A364303-91B1-48BF-B1AD-12CB7183771C} folder moved successfully.
C:\Users\Teresa\AppData\Local\{89623324-D14D-429B-97F9-6A9AF6A26F4A} folder moved successfully.
C:\Users\Teresa\AppData\Local\{9B49BCDA-0880-4097-B66B-92EC4A012243} folder moved successfully.
C:\Users\Teresa\AppData\Local\{515C3694-5BE4-4EB8-864E-48B0A5D4EA8A} folder moved successfully.
C:\Users\Teresa\AppData\Local\{36454EB4-ED6A-46D3-8546-4DE7ED2599B7} folder moved successfully.
C:\Users\Teresa\AppData\Local\{4BB0433B-6721-4049-8CA0-5B81282A2A26} folder moved successfully.
C:\Users\Teresa\AppData\Local\{0B03C821-E7BD-441A-BB5D-A761791D0900} folder moved successfully.
C:\Users\Teresa\AppData\Local\{8E8F0DAB-0D01-440F-A753-771748CBD331} folder moved successfully.
C:\Users\Teresa\AppData\Local\{822FE4C8-E736-49FD-9AB1-E63454DA051E} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E2CCA611-7C32-45BC-A937-FA69351CA14D} folder moved successfully.
C:\Users\Teresa\AppData\Local\{B9A850CC-85FA-4E49-AED6-8D6D823B3B75} folder moved successfully.
C:\Users\Teresa\AppData\Local\{DDF3FE70-20DA-4847-A465-A4CD8C46300B} folder moved successfully.
C:\Users\Teresa\AppData\Local\{5FBC8A84-33C4-46A9-868D-B8B9359835AB} folder moved successfully.
C:\Users\Teresa\AppData\Local\{7D9BEF4D-E181-4C8C-B8BF-C0BCDA12065E} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E45F15FE-9FC4-4266-B36D-25BE191240C7} folder moved successfully.
C:\Users\Teresa\AppData\Local\{93E558A7-E22D-43DC-9984-653CE8209C77} folder moved successfully.
C:\Users\Teresa\AppData\Local\{A0613BB3-5D9C-4DC6-9FD7-17CF921AED1D} folder moved successfully.
C:\Users\Teresa\AppData\Local\{B2332FC8-6859-4599-8287-642E130243B7} folder moved successfully.
C:\Users\Teresa\AppData\Local\{2417399D-BA05-4931-B231-BF8E26888C91} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E449448F-42EE-44F4-A023-BD18A6EA5DB3} folder moved successfully.
C:\Users\Teresa\AppData\Local\{5B6CA200-D763-475A-BAB5-8E8424B64962} folder moved successfully.
C:\Users\Teresa\AppData\Local\{C81DF2C0-2851-4041-ACA5-E83EC81B3651} folder moved successfully.
C:\Users\Teresa\AppData\Local\{A09DAAC4-63A4-406C-875F-3FBAC30847B2} folder moved successfully.
C:\Users\Teresa\AppData\Local\{A3F829D0-A69B-4230-9096-0490609D9670} folder moved successfully.
C:\Users\Teresa\AppData\Local\{FBE30D19-C5AC-48BD-B862-E97A2C0F6F86} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E8EAE1B0-F31C-49D6-A725-1EF80A0AEB50} folder moved successfully.
C:\Users\Teresa\AppData\Local\{6270DA54-58E6-4FC2-A52C-6B971C0AB0F4} folder moved successfully.
C:\Users\Teresa\AppData\Local\{AEA34216-A47A-4DD1-AE44-BA1FE240FDAB} folder moved successfully.
C:\Users\Teresa\AppData\Local\{5814EAC2-A245-4834-B10A-BA23E6C02EA6} folder moved successfully.
C:\Users\Teresa\AppData\Local\{3952C767-65E4-479F-AE57-9989CE1FCD4D} folder moved successfully.
C:\Users\Teresa\AppData\Local\{321E46AE-A73B-4255-8164-61CB30BDD0D2} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E76632FB-DE55-4603-9D00-CE9A13AF2B3C} folder moved successfully.
C:\Users\Teresa\AppData\Local\{8E6F9A15-5E12-420F-8E5B-B62E057F0493} folder moved successfully.
C:\Users\Teresa\AppData\Local\{E4AD7413-2920-45DC-86EC-60DB392EDBF3} folder moved successfully.
C:\Windows\msdownld.tmp\AS1A398D.tmp folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
Folder C:\Users\Teresa\AppData\Roaming\uTorrent\ not found.
ADS C:\Users\Teresa\Documents\Financial Information.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\TEMP:93B0BB6F deleted successfully.
ADS C:\ProgramData\TEMP:BB188922 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Teresa\Desktop\cmd.bat deleted successfully.
C:\Users\Teresa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 211488 bytes
->Flash cache emptied: 41620 bytes

User: Public

User: Teresa
->Temp folder emptied: 2275568 bytes
->Temporary Internet Files folder emptied: 3024935 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 38973521 bytes
->Flash cache emptied: 556 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04132012_134626

Files\Folders moved on Reboot...
C:\Users\Teresa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Tricktee5
Newbie


Joined: 12 Apr 2012
Last Visit: 13 Apr 2012
Posts: 7

Posted: Fri Apr 13, 2012 10:11 am    Post subject: MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Teresa :: PC [administrator]

4/13/2012 2:05:12 PM
mbam-log-2012-04-13 (14-05-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210007
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Tricktee5
Newbie


Joined: 12 Apr 2012
Last Visit: 13 Apr 2012
Posts: 7

Posted: Fri Apr 13, 2012 10:15 am    Post subject: computer is behaving

It seems to be fixed as of now. Thank you so much.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 May 2013
Posts: 9697
Location: Yorkshire

Posted: Fri Apr 13, 2012 12:56 pm

You're welcome, glad we could help. :)

Time for a little tidying up then .....

First

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes.
  • When finished, exit out of OTL.
  • Now delete OTL.exe (if still present).


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?

  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 May 2013
Posts: 9697
Location: Yorkshire

Posted: Mon Apr 16, 2012 9:10 am

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours